Meeting EC2 Patch Compliance and Security Monitoring for Financial Companies | Best Approaches

Ensure EC2 Instances Meet Patch Compliance and Implement Robust Security Monitoring


Question

A financial company recently encountered an IT security incident for one of its AWS EC2 instances.

An attacker used a Kali Linux penetration testing tool to scan the company's EC2 resources, found an EC2 configuration weakness, and then gained unauthorized access.

You need to work out a plan to make sure that all EC2 instances always meet patch compliance.

A monitoring tool is also required for these kinds of potential security risks.

Which approaches should you take together to meet the requirements? (Select TWO.)

Answers

Explanations


Correct Answer - B, E.

Option A is incorrect: To meet patch compliance, the best tool is Patch Manager rather than Run Command.

Option B should be chosen.

Option B is CORRECT: Because Patch Manager can easily apply necessary patches in EC2 instances according to established patch baselines.

Option C is incorrect: AWS Macie is a tool to scan security issues in S3 only.

It cannot discover the issues mentioned in the question.

Option D is incorrect: Because QuickSight is a tool to create and publish interactive dashboards which can not monitor security risks.

Option E is CORRECT: Because AWS GuardDuty is appropriate to monitor the mentioned security issues.

PenTest:IAMUser/KaliLinux is also a finding type of GuardDuty.

GuardDuty will report this risk when a machine running Kali Linux is making API calls using credentials of your AWS account.

To meet the requirements, you need to take two approaches: ensuring patch compliance and setting up a monitoring tool for potential security risks.

Approach 1: Ensuring Patch Compliance

Option A: Use AWS Systems Manager Run Command to apply necessary patches every 30 days to ensure all EC2 instances are always patch compliant.

AWS Systems Manager Run Command allows you to remotely and securely manage the configuration of your instances. You can use it to execute commands or scripts on one or more instances, without requiring access to the instances themselves. Using Run Command, you can apply patches to your EC2 instances every 30 days, ensuring that they are always patch compliant.

Option B: Configure patch baselines in AWS Systems Manager and use Patch Manager to apply patches in a maintenance window.

AWS Systems Manager Patch Manager enables you to automate the process of patching your instances. You can create patch baselines that define which patches should be installed on your instances, and then use Patch Manager to apply those patches in a maintenance window. By doing so, you can ensure that your instances are always up-to-date with the latest security patches.

Approach 2: Setting up a Monitoring Tool for Potential Security Risks

Option C: Configure AWS Macie to continuously monitor security issues for AWS resources. Configure SNS notifications based on Macie alarms in CloudWatch Events.

AWS Macie is a security service that uses machine learning to discover, classify, and protect sensitive data stored in AWS. Macie continuously monitors your resources and alerts you if it detects any security issues. You can configure SNS notifications based on Macie alarms in CloudWatch Events, allowing you to receive alerts and take immediate action if necessary.

Option D: Configure a monitoring dashboard in AWS QuickSight that uses machine learning to discover security incidents as they happen.

AWS QuickSight is a business intelligence service that allows you to create interactive dashboards and reports from your data. You can use QuickSight to create a monitoring dashboard that uses machine learning to discover security incidents that are happening in your environment. This can help you quickly identify potential security threats and take appropriate action.

Option E: Enable AWS GuardDuty to monitor potential security incidents. Create CloudWatch Event rules based on the findings and trigger SNS notifications.

AWS GuardDuty is a threat detection service that continuously monitors for malicious activity in your AWS environment. It analyzes data from multiple sources, such as VPC Flow Logs and AWS CloudTrail logs, to identify potential security threats. You can create CloudWatch Event rules based on GuardDuty findings and trigger SNS notifications, allowing you to receive alerts and take immediate action if necessary.
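The GuardDuty-to-SNS pipeline of option E (also described under "Option E is CORRECT" above) hinges on the event pattern of the CloudWatch Events rule, now called an EventBridge rule. The following is an added example, not from the original page or from AWS: it builds that pattern with a severity filter and checks a constructed finding event against it locally, using the same matching semantics EventBridge applies. The Medium-and-above threshold is an assumption; the finding type `PenTest:IAMUser/KaliLinux` is the one the page names.

```python
import json

# EventBridge event pattern for the option E rule: GuardDuty findings of
# Medium severity (4.0) and above go to an SNS topic. The threshold is an
# assumption; the EventBridge "numeric" operator syntax is real.
GUARDDUTY_RULE_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 4]}]},
}

_NUM_OPS = {">": lambda v, b: v > b, ">=": lambda v, b: v >= b,
            "<": lambda v, b: v < b, "<=": lambda v, b: v <= b}

def _match_value(value, candidates):
    """A field matches when any candidate in the pattern list matches it."""
    for cand in candidates:
        if isinstance(cand, dict) and "numeric" in cand:
            ops = cand["numeric"]  # e.g. [">=", 4, "<", 7]
            if isinstance(value, (int, float)) and all(
                    _NUM_OPS[op](value, b) for op, b in zip(ops[0::2], ops[1::2])):
                return True
        elif value == cand:  # plain string/number equality
            return True
    return False

def event_matches(pattern, event):
    """Subset of EventBridge matching: every key in the pattern must match."""
    for key, pat in pattern.items():
        if key not in event:
            return False
        if isinstance(pat, dict):
            if not (isinstance(event[key], dict) and event_matches(pat, event[key])):
                return False
        elif not _match_value(event[key], pat):
            return False
    return True

def make_finding_event(finding_type, severity):
    """Constructed sample in the shape GuardDuty delivers to EventBridge."""
    return {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
            "detail": {"type": finding_type, "severity": severity,
                       "accountId": "111122223333", "region": "us-east-1"}}

if __name__ == "__main__":
    # Rule body as passed to: aws events put-rule --event-pattern file://pattern.json
    print(json.dumps(GUARDDUTY_RULE_PATTERN, indent=2))
    kali = make_finding_event("PenTest:IAMUser/KaliLinux", 5)  # Medium severity
    print("forward to SNS:", event_matches(GUARDDUTY_RULE_PATTERN, kali))
```

Once the rule is created with `aws events put-rule` and the SNS topic attached with `aws events put-targets`, only findings that satisfy this pattern produce notifications, so testing the pattern offline against sample findings avoids silently dropping the ones you care about.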

In summary, to meet the requirements of ensuring patch compliance and setting up a monitoring tool for potential security risks, you should choose options A and B for patch compliance and options C and E for setting up a monitoring tool. Option D may also be useful for creating a monitoring dashboard.