A Devops team is currently looking at the security aspect of their CI/CD pipeline. They are making use of AWS resource? for their infrastructure. They want to ensure that the EC2 Instances don’t have any high security vulnerabilities. They want to ensure a complete DevSecOps process.
How can this be achieved?
A. Use AWS Config to check the state of the EC2 instance for any sort of security issues.
B. Use AWS Inspector API’s in the pipeline for the EC2 Instances
C. Use AWS Trusted Advisor API’s in the pipeline for the EC2 Instances
D. Use AWS Security Groups to ensure no vulnerabilities are present
Answer: B
Explanation:
Amazon Inspector offers a programmatic way to find security defects or misconfigurations in your operating systems and applications. Because you can use API calls to access both the processing of assessments and the results of your assessments, integration of the findings into workflow and notification systems is simple. DevOps teams
can integrate Amazon Inspector into their CI/CD pipelines and use it to identify any pre-existing issues or when new issues are introduced.
Option A.C and D are all incorrect since these services cannot check for Security Vulnerabilities. These can only be checked by the AWS Inspector service.
For more information on AWS Security best practices, please refer to below URL:
https://d1.awsstatic.com/whitepapers/Security/AWS Security Best Practices.pdl
The correct answer is: Use AWS Inspector API’s in the pipeline for the EC2 Instances Submit your Feedback/Queries to our Experts
Leave a Reply