You just joined a team as an AWS security specialist.
You need to quickly examine whether there are any commonly seen security issues in one AWS account.
For example, you want to check if MFA is enabled for the root account and if certain S3 buckets grant global access.
It is known that the AWS account did not enable AWS Config.
Which tool or service would you use to get the required information?
A. Check the security category of Trusted Advisor to see if there are any problems detected or actions recommended.
B. Enable AWS GuardDuty to automatically detect security issues or threats that are happening for the AWS resources.
C. Enable AWS Config. Set up AWS provided Config rules to check security issues and provide alerts via SNS notifications if the rules are not compliant.
D. Configure CloudTrail + Amazon Athena to analyze the AWS resource activities. Find out potential security issues in the AWS account.

Correct Answer - A.
AWS Trusted Advisor checks security items including MFA on Root Account, Amazon S3 Bucket Permissions, Amazon EBS Public Snapshots, and others.
You can use it to get a quick view of the security posture of the AWS environment.
Please refer to https://aws.amazon.com/premiumsupport/technology/trusted-advisor/ for how AWS Trusted Advisor works.
Option A is CORRECT: The security findings provided by Trusted Advisor give you the required information directly.
Option B is incorrect: Amazon GuardDuty is an intelligent threat detection service.
However, it takes time to produce the required information.
Option A is a much simpler solution.
Option C is incorrect: You would have to configure several AWS Config rules to collect all the security information.
Trusted Advisor is faster than this option.
Option D is incorrect: CloudTrail + Amazon Athena can analyze CloudTrail logs via SQL queries.
However, this method cannot quickly identify security issues.
As an AWS security specialist, you need to quickly examine if there are some commonly seen security issues in one AWS account. To do this, you need a tool or service that can help you check if MFA is enabled for the root account and if certain S3 buckets grant global access.
Option A: Check the security category of Trusted Advisor to see if there are any problems detected or actions recommended.
Trusted Advisor is a service that provides guidance and recommendations to optimize AWS resources and improve security, reliability, and performance. Trusted Advisor checks various AWS resources and settings, including security settings, and provides alerts and recommendations. The security category of Trusted Advisor includes checks for MFA on the root account and S3 bucket permissions. Therefore, Trusted Advisor can be used to quickly examine if there are any security issues related to MFA and S3 buckets in the AWS account. However, Trusted Advisor is not a comprehensive tool and may not cover all security issues. Also, it requires an active AWS Support subscription.
Option B: Enable AWS GuardDuty to automatically detect security issues or threats that are happening for the AWS resources.
AWS GuardDuty is a threat detection service that continuously monitors and analyzes AWS resources for potential security issues and threats. It uses machine learning and anomaly detection techniques to identify and prioritize security findings. GuardDuty can detect various types of security issues, including unauthorized access, compromised instances, and data exfiltration. However, GuardDuty may not provide specific information about MFA and S3 bucket permissions. Also, GuardDuty requires additional setup and configuration.
Option C: Enable AWS Config. Set up AWS provided Config rules to check security issues and provide alerts via SNS notifications if the rules are not compliant.
AWS Config is a service that provides a detailed inventory of AWS resources and their configurations, and tracks changes over time. AWS Config also allows you to set up rules to check compliance with certain configurations and settings, including security settings. AWS provides a set of pre-defined Config rules that can check for MFA on the root account and S3 bucket permissions. Config rules can also generate alerts via SNS notifications if the rules are not compliant. Therefore, AWS Config can be used to quickly examine if there are any security issues related to MFA and S3 buckets in the AWS account. However, AWS Config requires additional setup and configuration.
Option D: Configure CloudTrail + Amazon Athena to analyze the AWS resource activities. Find out potential security issues in the AWS account.
AWS CloudTrail is a service that provides a record of API calls and events for AWS resources. CloudTrail logs can be used to investigate security incidents and troubleshoot operational issues. Amazon Athena is a service that allows you to query and analyze data stored in S3 using SQL-like queries. By configuring CloudTrail to log specific events and using Amazon Athena to query and analyze the logs, you can find potential security issues related to MFA and S3 buckets in the AWS account. However, this option requires more advanced skills and may take more time to set up and analyze.
Overall, Options A, B, and C can be used to quickly examine whether there are any security issues related to MFA and S3 buckets in the AWS account. Option D provides a more comprehensive approach but requires more advanced skills and setup. The best option depends on the specific needs and requirements of the situation.
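To make the Trusted Advisor route concrete, here is an added example (not part of the exam page or of any AWS tool) that interprets the Support API responses for the two checks the question names, and shows the direct IAM and S3 calls you can fall back on when the account has neither Config nor a support plan that exposes the Trusted Advisor API. The pure functions work on response dictionaries, so the constructed SAMPLE_* payloads (placeholder check ids, hypothetical bucket names) run offline; the live section at the bottom assumes credentials and, for the Support API, a Business or Enterprise support plan.

```python
"""Quick security triage for an AWS account that has no AWS Config.

Added example (not from the exam page). The pure functions below interpret
the response shapes of the Support (Trusted Advisor), IAM and S3 APIs; the
SAMPLE_* payloads are constructed, and the check ids and bucket names in
them are placeholders, not real values.
"""
from typing import Dict, List, Optional

# Names of the two Trusted Advisor security checks the question cares about.
SECURITY_CHECKS = {"MFA on Root Account", "Amazon S3 Bucket Permissions"}


def summarize_trusted_advisor(checks: List[dict], results: Dict[str, dict]) -> List[dict]:
    """Join describe_trusted_advisor_checks() with one
    describe_trusted_advisor_check_result() response per check id and return
    the unsuppressed flagged resources of the checks in SECURITY_CHECKS."""
    findings = []
    for check in checks:
        if check["category"] != "security" or check["name"] not in SECURITY_CHECKS:
            continue
        result = results[check["id"]]["result"]
        if result["status"] == "ok":
            continue
        for res in result.get("flaggedResources", []):
            if res.get("isSuppressed"):
                continue  # explicitly excluded by an operator
            # Each flagged resource carries positional metadata; the check's
            # own metadata list gives the column names.
            findings.append({
                "check": check["name"],
                "status": result["status"],
                "resource": res["resourceId"],
                "details": dict(zip(check["metadata"], res["metadata"])),
            })
    return findings


def root_mfa_enabled(account_summary: dict) -> bool:
    """iam.get_account_summary() reports AccountMFAEnabled == 1 when the root
    user has an MFA device, which is the fact the Trusted Advisor check reports."""
    return account_summary["SummaryMap"].get("AccountMFAEnabled", 0) == 1


def bucket_policy_exposed(policy_status: dict, public_access_block: Optional[dict]) -> bool:
    """s3.get_bucket_policy_status() says whether the bucket policy is public.
    A public policy is neutralised when RestrictPublicBuckets is on, so treat
    the bucket as exposed only when the policy is public and that block is
    absent or off (ACL-based exposure is a separate check)."""
    if public_access_block:
        cfg = public_access_block["PublicAccessBlockConfiguration"]
        if cfg.get("RestrictPublicBuckets"):
            return False
    return bool(policy_status["PolicyStatus"]["IsPublic"])


# --- constructed sample payloads (placeholder ids, hypothetical bucket names) ---
SAMPLE_CHECKS = [
    {"id": "CHECK_ID_MFA", "name": "MFA on Root Account", "category": "security",
     "metadata": []},
    {"id": "CHECK_ID_S3", "name": "Amazon S3 Bucket Permissions", "category": "security",
     "metadata": ["Region Name", "Bucket Name", "ACL Allows List", "Policy Allows Access"]},
    {"id": "CHECK_ID_SG", "name": "Security Groups - Specific Ports Unrestricted",
     "category": "security", "metadata": ["Region", "Group ID"]},
]
SAMPLE_RESULTS = {
    "CHECK_ID_MFA": {"result": {"status": "error", "flaggedResources": [
        {"resourceId": "root-account", "status": "error", "metadata": [], "isSuppressed": False}]}},
    "CHECK_ID_S3": {"result": {"status": "warning", "flaggedResources": [
        {"resourceId": "example-public-bucket", "status": "warning", "isSuppressed": False,
         "metadata": ["us-east-1", "example-public-bucket", "Yes", "Yes"]},
        {"resourceId": "example-website-bucket", "status": "warning", "isSuppressed": True,
         "metadata": ["us-east-1", "example-website-bucket", "Yes", "No"]}]}},
    "CHECK_ID_SG": {"result": {"status": "ok", "flaggedResources": []}},
}
SAMPLE_ACCOUNT_SUMMARY = {"SummaryMap": {"AccountMFAEnabled": 0, "Users": 3}}


def triage_samples() -> List[str]:
    """Run the interpreters over the constructed payloads; returns report lines."""
    lines = [f"{f['check']}: {f['status']} on {f['resource']} {f['details']}"
             for f in summarize_trusted_advisor(SAMPLE_CHECKS, SAMPLE_RESULTS)]
    lines.append(f"root MFA enabled: {root_mfa_enabled(SAMPLE_ACCOUNT_SUMMARY)}")
    return lines


if __name__ == "__main__":
    # Live run (needs credentials and, for the Support API, a Business or
    # Enterprise support plan; the Support endpoint is served from us-east-1).
    import boto3
    support = boto3.client("support", region_name="us-east-1")
    checks = support.describe_trusted_advisor_checks(language="en")["checks"]
    results = {c["id"]: support.describe_trusted_advisor_check_result(checkId=c["id"], language="en")
               for c in checks if c["name"] in SECURITY_CHECKS}
    for f in summarize_trusted_advisor(checks, results):
        print(f)
    print("root MFA enabled:", root_mfa_enabled(boto3.client("iam").get_account_summary()))
```

The suppressed bucket in the sample shows why a raw flagged-resource count is misleading: Trusted Advisor keeps suppressed items in the result, so an operator's earlier exclusions have to be honoured when you compare its view against the direct IAM and S3 calls.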