In the security domain the term Intrusion Prevention System (not Intruder Prevention System) has an established meaning, which is consistent with following excerpt from the AWS PDF (SEC_01_TSB):
"Intrusion Prevention Systems (IPS) are positioned behind firewalls and provide an additional layer of security by scanning and analyzing suspicious content for potential threats. Placed in the direct communication path, an IPS will take automatic action on suspicious traffic within the network."
The defining feature in contrast to an IDS is the automatic action part.
Based on this definition, AWS Inspector is definitly not an IPS, nor the MFA feature for user login as claimed in the security quiz of the course. There are IPS partner solutions available on the AWS marketplace which might utilize Inspector findings for automatic remediation actions, but the OOTB product itself is more of an automated vulnerability asessment tool. MFA is a preventive security control, but has also nothing to do with IPS either.
Just wanted to clarify this 🙂
1 Answers
Thanks pmiko,
I just pushed an update for the video and will push one for the quiz shortly. The definition in the AWS PDF you indicate is definitely the correct one for the exam context. That said, I can’t recall any IDS or IPS questions on the beta exam which seemed strange to me.
Hi Scott, thanks a lot for the quick response 🙂 Regards, Patrick
BTW: It seems to be that quiz question 3 about OAuth 2.0 has a wrong ‘correct’ answer: "OAuth 2.0 provides authentication only and issues tokens to clients." OAuth is actually an authorization protocol, as correctly mentioned on the slides. Regards, Patrick
Yes, it threw me off base as well, thanks Patrick – from another Patrick
Thanks Patricks for pointing this typo out. I’ve just pushed the correction.
Yes, this ‘definitely’ threw me off base as well, thanks for posting Patrick M, from Patrick (senior ISSE – CISSP-ISSEP)