Monitoring and Traffic Analysis for Financial Regulatory Firm

Ensure Compliance with AWS Cloud Environment Monitoring and Traffic Analysis Requirements


Question

A company is building an AWS Cloud Environment for a financial regulatory firm.

Part of the requirements are being able to monitor all changes in an environment and all traffic sent to and from the environment.

What suggestions would you make to ensure all the requirements for monitoring the financial architecture are satisfied? Choose the 2 correct answers from the options below.


Explanations


Answer - C and D.

Promiscuous mode is not supported in AWS, hence options A and B are automatically out.

Please find below the developer forum thread on the same topic.

https://forums.aws.amazon.com/thread.jspa?threadID=35683

Please find below the URL to a good slide deck from AWS for getting an IDS in place.

https://awsmedia.s3.amazonaws.com/SEC402.pdf

The correct answers are A and D.

Financial regulatory firms must ensure that their AWS environment is compliant with their regulatory requirements. Monitoring is a critical requirement to maintain compliance. The organization needs to monitor all changes in the environment and all traffic sent to and from the environment. The following are the suggested solutions:

A. Configure an IPS/IDS in promiscuous mode, which will listen to all packet traffic and API changes.

Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS) are security appliances that detect and prevent malicious activities in a network. Promiscuous mode enables the IDS/IPS to monitor all network traffic without interfering with the normal network operation. This option will enable the organization to capture all the network traffic and API changes in the environment.

D. Configure CloudTrail with CloudWatch Logs to monitor all changes within an environment.

CloudTrail is a service that enables the organization to log, continuously monitor, and retain account activity-related events across their AWS environment. CloudWatch Logs is a service that enables the organization to monitor, store, and access log files from EC2 instances, CloudTrail, and other AWS services. This option will enable the organization to monitor all changes in the environment, such as changes to security groups, network access control lists, and IAM policies.

B, C, and E are not correct answers because:

B. Configure an IPS/IDS system, such as Palo Alto Networks, using promiscuous mode that monitors, filters, and alerts on all potentially hazardous traffic leaving the VP.

This option only monitors outbound traffic leaving the Virtual Private Network (VPN). It does not capture changes in the environment, and it does not monitor inbound traffic.

C. Configure an IPS/IDS to listen and block all suspected bad traffic coming into and out of the VP.

This option only blocks suspected bad traffic, and it does not capture changes in the environment.

E. Configure an IPS/IDS system, such as Palo Alto Networks, that monitors, filters, and alerts on all potentially hazardous traffic leaving the VP.

This option only monitors outbound traffic leaving the VPN. It does not capture changes in the environment, and it does not monitor inbound traffic.
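As an added example (not part of the original question or of either explanation above), the following Python shows what option D looks like once it is turned into a detection: it parses CloudTrail records in the form they arrive in a CloudWatch Logs group, flags successful changes to security groups, network ACLs and IAM policies, and carries the equivalent CloudWatch Logs metric-filter pattern. The event names are real CloudTrail API names, but the `CHANGE_ACTIONS` table and the sample records are constructed for this example and should be extended to match your own control set.

```python
"""Classify CloudTrail records (as delivered to CloudWatch Logs) into
'environment change' events worth alerting on. Added example; the log
records and the action table below are constructed, not real account data."""
import json

# Management-plane actions that change the security posture of the environment.
# Assumption for the example: these are the calls a regulated environment wants
# alerted on; a real deployment extends this to its own control catalogue.
CHANGE_ACTIONS = {
    "ec2.amazonaws.com": {
        "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
        "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
        "CreateNetworkAclEntry", "ReplaceNetworkAclEntry", "DeleteNetworkAclEntry",
    },
    "iam.amazonaws.com": {
        "PutUserPolicy", "PutRolePolicy", "AttachRolePolicy", "AttachUserPolicy",
        "CreatePolicyVersion", "DeleteRolePolicy",
    },
}

# The same rule expressed as a CloudWatch Logs metric-filter pattern, which is
# what you would attach to the CloudTrail log group to drive a CloudWatch alarm.
METRIC_FILTER_PATTERN = (
    '{ ($.eventSource = "ec2.amazonaws.com") && '
    '(($.eventName = AuthorizeSecurityGroupIngress) || '
    '($.eventName = CreateNetworkAclEntry)) }'
)


def is_change_event(record: dict) -> bool:
    """True if the record is a *successful* change to SGs, NACLs or IAM policies.

    CloudTrail sets errorCode on calls that failed (e.g. AccessDenied); such a
    call changed nothing, so it is not a configuration change, although a
    separate rule may still want to count denied attempts.
    """
    if record.get("errorCode"):
        return False
    source = record.get("eventSource", "")
    name = record.get("eventName", "")
    return name in CHANGE_ACTIONS.get(source, set())


def summarize(record: dict) -> str:
    """One-line summary: who did what, when, from where."""
    ident = record.get("userIdentity", {})
    actor = ident.get("arn") or ident.get("type", "unknown")
    return (f"{record.get('eventTime', '?')} {actor} {record['eventName']} "
            f"from {record.get('sourceIPAddress', '?')}")


def find_change_events(log_lines) -> list:
    """Parse newline-delimited CloudTrail JSON records and return change summaries."""
    hits = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            # Malformed line: skip here, but a production pipeline should count
            # these so that a gap in the audit trail is itself visible.
            continue
        if is_change_event(rec):
            hits.append(summarize(rec))
    return hits


# Constructed sample records in CloudTrail's JSON shape (not real activity).
SAMPLE_LOG = [
    json.dumps({"eventTime": "2024-01-10T09:00:00Z", "eventSource": "ec2.amazonaws.com",
                "eventName": "AuthorizeSecurityGroupIngress",
                "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/example-admin"},
                "sourceIPAddress": "203.0.113.10"}),
    json.dumps({"eventTime": "2024-01-10T09:01:00Z", "eventSource": "ec2.amazonaws.com",
                "eventName": "DescribeInstances",  # read-only, not a change
                "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/example-admin"},
                "sourceIPAddress": "203.0.113.10"}),
    json.dumps({"eventTime": "2024-01-10T09:02:00Z", "eventSource": "iam.amazonaws.com",
                "eventName": "PutUserPolicy", "errorCode": "AccessDenied",  # denied, no change
                "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/example-dev"},
                "sourceIPAddress": "198.51.100.7"}),
    "{not valid json",  # deliberately malformed line
    json.dumps({"eventTime": "2024-01-10T09:03:00Z", "eventSource": "iam.amazonaws.com",
                "eventName": "AttachRolePolicy",
                "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::111122223333:assumed-role/example-role/session"},
                "sourceIPAddress": "198.51.100.7"}),
]

if __name__ == "__main__":
    for summary in find_change_events(SAMPLE_LOG):
        print(summary)
```

Run stand-alone, the script prints two lines: the security-group ingress change and the role-policy attachment. The read-only call and the denied IAM call are filtered out, and the malformed line is skipped; the `METRIC_FILTER_PATTERN` string is the piece you would paste into a CloudWatch Logs metric filter on the CloudTrail log group so the same condition raises an alarm without any code running.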