What process will check compliance of the company’s EC2 instances?

Posted by: Pdfprep | Category: SCS-C01

Company policy requires that all insecure server protocols, such as FTP, Telnet, HTTP, etc be disabled on all servers. The security team would like to regularly check all servers to ensure compliance with this requirement by using a scheduled CloudWatch event to trigger a review of the current infrastructure.

What process will check compliance of the company’s EC2 instances?
A . Trigger an AWS Config Rules evaluation of the restricted-common-ports rule against every EC2 instance.
B . Query the Trusted Advisor API for all best practice security checks and check for "action recommended" status.
C . Enable a GuardDuty threat detection analysis targeting the port configuration on every EC2 instance.
D . Run an Amazon Inspector assessment using the Runtime Behavior Analysis rules package against every EC2 instance.

Answer: D

Explanation:

Option B is incorrect because querying the Trusted Advisor API is not possible.

Option C is incorrect because GuardDuty should be used to detect threats and not check the compliance of security protocols.

Option D is correct: running Amazon Inspector with the Runtime Behavior Analysis rules package analyzes the behavior of your instances during an assessment run and provides guidance on how to make your EC2 instances more secure. The relevant rule in that package is Insecure Server Protocols.

Insecure Server Protocols

This rule helps determine whether your EC2 instances allow support for insecure and unencrypted ports/services such as FTP, Telnet, HTTP, IMAP, POP version 3, SMTP, SNMP versions 1 and 2, rsh, and rlogin.

For more information, please refer to the URL below:

https://docs.aws.amazon.com/inspector/latest/userguide/inspector_runtime-behavior-analysis.html#insecure-protocols
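Put into working code, here is what the scheduled check from the question looks like end to end. This is an added example, not from the question, the answer explanation, or AWS: a Lambda handler meant to be invoked by the scheduled CloudWatch Events rule uses the Inspector Classic API (the boto3 `inspector` client) to start an assessment run from an existing assessment template, and a second function collects the resulting Runtime Behavior Analysis findings per instance. Assumptions: an assessment template already exists whose target covers every EC2 instance and whose rules packages include Runtime Behavior Analysis; the `templateArn` event key and the `ASSESSMENT_TEMPLATE_ARN` environment variable are names chosen here; and Insecure Server Protocols findings are matched by the word "insecure" in the finding id or title. The rules package ARN is looked up by name rather than hard-coded because it differs per region.

```python
"""Scheduled compliance sweep for insecure server protocols with Amazon Inspector (Classic).

Added example for the SCS-C01 question above; not the page's or AWS's own code.
Assumed: an assessment template already exists whose target covers every EC2
instance and whose rules packages include Runtime Behavior Analysis.
"""
import os
import time
from typing import Any, Dict, List

RULES_PACKAGE_NAME = "Runtime Behavior Analysis"
# Assumption: Insecure Server Protocols findings carry the word "insecure" in
# their id or title; adjust the keyword if your findings are labelled differently.
FINDING_KEYWORD = "insecure"


def make_client(region: str = "us-east-1"):
    """Build the Inspector Classic client lazily so the pure functions below import without boto3."""
    import boto3  # deferred so the reporting logic can be exercised offline with a fake client
    return boto3.client("inspector", region_name=region)


def resolve_rules_package_arn(inspector: Any, name: str = RULES_PACKAGE_NAME) -> str:
    """Find a rules package ARN by its display name; the ARNs differ per region."""
    arns = inspector.list_rules_packages()["rulesPackageArns"]
    for pkg in inspector.describe_rules_packages(rulesPackageArns=arns)["rulesPackages"]:
        if pkg["name"] == name:
            return pkg["arn"]
    raise LookupError(f"rules package {name!r} is not offered in this region")


def start_sweep(inspector: Any, template_arn: str, run_name: str) -> str:
    """Kick off an assessment run from the template and return the run ARN."""
    resp = inspector.start_assessment_run(
        assessmentTemplateArn=template_arn, assessmentRunName=run_name)
    return resp["assessmentRunArn"]


def noncompliant_instances(inspector: Any, run_arn: str, rules_package_arn: str,
                           keyword: str = FINDING_KEYWORD) -> Dict[str, List[str]]:
    """Group a run's insecure-protocol findings by instance: {instance_id: ["Severity: title", ...]}."""
    finding_arns: List[str] = []
    kwargs: Dict[str, Any] = {
        "assessmentRunArns": [run_arn],
        "filter": {"rulesPackageArns": [rules_package_arn]},  # Runtime Behavior Analysis findings only
        "maxResults": 500,
    }
    while True:  # ListFindings is paginated via nextToken
        page = inspector.list_findings(**kwargs)
        finding_arns.extend(page["findingArns"])
        if not page.get("nextToken"):
            break
        kwargs["nextToken"] = page["nextToken"]

    offenders: Dict[str, List[str]] = {}
    for start in range(0, len(finding_arns), 10):  # DescribeFindings takes at most 10 ARNs per call
        batch = inspector.describe_findings(findingArns=finding_arns[start:start + 10])["findings"]
        for finding in batch:
            text = f"{finding.get('id', '')} {finding.get('title', '')}".lower()
            if keyword not in text:
                continue  # a different Runtime Behavior Analysis rule, not an insecure-protocol finding
            instance = finding.get("assetAttributes", {}).get("agentId", "unknown-instance")
            offenders.setdefault(instance, []).append(
                f"{finding.get('severity', '?')}: {finding.get('title', '')}")
    return offenders


def lambda_handler(event: Dict[str, Any], context: Any, inspector: Any = None) -> Dict[str, str]:
    """Entry point for the scheduled CloudWatch Events rule: start the sweep and report the run ARN."""
    inspector = inspector or make_client(os.environ.get("AWS_REGION", "us-east-1"))
    # Assumed: the template ARN arrives in the event payload or the ASSESSMENT_TEMPLATE_ARN variable.
    template_arn = event.get("templateArn") or os.environ["ASSESSMENT_TEMPLATE_ARN"]
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime())
    run_arn = start_sweep(inspector, template_arn, f"insecure-protocol-sweep-{stamp}")
    return {"assessmentRunArn": run_arn}


if __name__ == "__main__":
    print(lambda_handler({}, None))
```

Findings are not available the moment the run starts: an assessment run lasts for the duration configured on the template, so `noncompliant_instances` belongs in a later invocation, for example one subscribed to the SNS topic the template notifies when the run completes. Runtime Behavior Analysis is an agent-based rules package, so instances without the Inspector agent installed will produce no findings at all rather than a clean result; treat a missing agent as a gap in coverage, not as compliance.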


The correct answer is: Run an Amazon Inspector assessment using the Runtime Behavior Analysis rules package against every EC2 instance.
