AWS Security Compliance and Monitoring Solutions

Ensure AWS Infrastructure Compliance and Monitor Configuration Changes

Question

You just joined a company as a security specialist.

Your company uses a variety of AWS services to host its applications. You want to quickly understand whether the existing underlying AWS infrastructure meets the security compliance regulations of the company. You also need to continuously monitor and measure configuration changes for new and existing resources running on AWS. Which options can help you achieve these requirements? (SELECT TWO.)

Answers

A. Download the compliance documents from AWS Artifact to prove that the underlying AWS infrastructure is compliant with safety regulations.

B. Create AWS Config custom rules using Lambda functions to continuously monitor the AWS environment and trigger alerts if certain rules are not compliant as per the configuration requirements of the organization.

C. Create a Lambda function to get the security data in Trusted Advisor periodically. Trigger an SNS notification if a security problem is detected.

D. Divide AWS resources into different categories of products. Manage all products in AWS Service Catalog and measure if there are any security issues.

Explanations

Answer: A and B.

Option A is CORRECT because AWS Artifact is a portal that provides an enterprise with access to security and compliance reports that apply to the underlying Infrastructure running on AWS public cloud.

This satisfies the first expectation of the question.

Option B is CORRECT because AWS Config rules let customers control how their AWS resources are configured.

They can express the desired configuration as rules and evaluate whether their AWS resources comply with them.

Option C is incorrect because the AWS Trusted Advisor inspects your AWS environment and makes recommendations for saving money, improving system performance, or closing security gaps, but it does not help to provide compliance reports or monitor any configuration changes on the AWS environment.

Option D is incorrect because AWS Service Catalog enables organizations to create and manage catalogs of IT services that are approved for use on AWS, but it does not help to provide compliance reports or monitor any configuration changes on the AWS environment.

Reference:

https://aws.amazon.com/artifact/
https://aws.amazon.com/config/

To quickly understand if the existing underlying AWS infrastructure meets the security compliance regulations of the company, and to continuously monitor and measure configuration changes for new and existing resources running on AWS, two options are suggested:

Option A: Download the compliance documents from AWS Artifact to prove that the underlying AWS infrastructure is compliant with safety regulations.

AWS Artifact is a platform that provides customers with on-demand access to AWS compliance reports, including SOC, PCI, HIPAA, and more. By downloading the compliance documents from AWS Artifact, the security specialist can quickly understand if the underlying AWS infrastructure meets the security compliance regulations of the company. The compliance reports detail the security controls in place and the level of compliance with various security standards. By using these reports, the security specialist can also identify any gaps in compliance and work to address them.

Option B: Create AWS Config custom rules using Lambda functions to continuously monitor the AWS environment and trigger alerts if certain rules are not compliant as per the configuration requirements of the organization.

AWS Config is a service that enables customers to assess, audit, and evaluate the configurations of their AWS resources. AWS Config continuously monitors the configuration of AWS resources and alerts users when a configuration change occurs that violates a specified rule. The security specialist can create custom rules using Lambda functions to continuously monitor the AWS environment and trigger alerts if certain rules are not compliant with the configuration requirements of the organization. This option helps the security specialist to continuously monitor and measure configuration changes for new and existing resources running on AWS.
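The custom-rule approach described above, as an added example that is not code from the original page: a Lambda handler that AWS Config invokes on each configuration change, evaluates the resource, and reports COMPLIANT or NON_COMPLIANT back with PutEvaluations. The rule it implements is an assumption chosen for illustration (flag a security group whose ingress on the port named by the "restrictedPort" rule parameter, default 22, is open to 0.0.0.0/0), and the sample configuration item is constructed to mimic the event shape Config delivers.

```python
# Added example (not from the original page): a Lambda handler for a custom AWS Config rule.
# Assumption: the rule marks a security group NON_COMPLIANT when ingress on the port given by
# the rule parameter "restrictedPort" (default 22) is open to 0.0.0.0/0.
import json

def _covers_port(perm, port):
    if perm.get("ipProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    if perm.get("ipProtocol") != "tcp":
        return False
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    return lo is not None and hi is not None and lo <= port <= hi

def _open_to_world(perm):
    """True if the entry has a 0.0.0.0/0 CIDR in either the ipv4Ranges or legacy ipRanges field."""
    cidrs = [r.get("cidrIp") for r in perm.get("ipv4Ranges", [])] + list(perm.get("ipRanges", []))
    return "0.0.0.0/0" in cidrs

def evaluate_compliance(configuration_item, rule_parameters):
    """Return (ComplianceType, annotation) for one configuration item."""
    if configuration_item["resourceType"] != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "rule only evaluates security groups"
    port = int(rule_parameters.get("restrictedPort", 22))
    for perm in configuration_item.get("configuration", {}).get("ipPermissions", []):
        if _covers_port(perm, port) and _open_to_world(perm):
            return "NON_COMPLIANT", f"ingress on port {port} is open to 0.0.0.0/0"
    return "COMPLIANT", f"no world-open ingress on port {port}"

def build_evaluation(configuration_item, rule_parameters):
    """Shape the verdict as the Evaluation record that PutEvaluations expects."""
    compliance, note = evaluate_compliance(configuration_item, rule_parameters)
    return {"ComplianceResourceType": configuration_item["resourceType"],
            "ComplianceResourceId": configuration_item["resourceId"],
            "ComplianceType": compliance, "Annotation": note,
            "OrderingTimestamp": configuration_item["configurationItemCaptureTime"]}

def lambda_handler(event, context):
    """Entry point Config invokes on each configuration change; reports the verdict back."""
    invoking_event = json.loads(event["invokingEvent"])
    rule_parameters = json.loads(event.get("ruleParameters") or "{}")
    evaluation = build_evaluation(invoking_event["configurationItem"], rule_parameters)
    import boto3  # imported here so the evaluation logic above can be unit-tested without the SDK
    boto3.client("config").put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation

# Constructed sample configuration item: SSH open to the world, so the rule should flag it.
SAMPLE_ITEM = {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0123456789abcdef0",
               "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
               "configuration": {"ipPermissions": [{"ipProtocol": "tcp", "fromPort": 22,
                   "toPort": 22, "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}]}}
```

A NON_COMPLIANT evaluation is what Config surfaces in its compliance dashboard and can route to notifications, which is the continuous-monitoring part of Option B; the Lambda role needs permission to call config:PutEvaluations.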

Option C: Create a Lambda function to get the security data in Trusted Advisor periodically. Trigger an SNS notification if a security problem is detected.

Trusted Advisor is a service that provides best practices and guidance for AWS resources. Trusted Advisor also provides security checks to identify security vulnerabilities and potential security risks in the AWS environment. The security specialist can create a Lambda function to get the security data in Trusted Advisor periodically and trigger an SNS notification if a security problem is detected. However, this option is not the most efficient or effective way to monitor the security posture of the AWS environment, as it only provides periodic checks and does not continuously monitor for configuration changes.

Option D: Divide AWS resources into different categories of products. Manage all products in AWS Service Catalog and measure if there are any security issues.

AWS Service Catalog is a service that enables customers to create and manage catalogs of IT services that are approved for use on AWS. The security specialist can divide AWS resources into different categories of products, manage all products in AWS Service Catalog, and measure if there are any security issues. However, this option is not the most efficient or effective way to monitor the security posture of the AWS environment, as it does not continuously monitor for configuration changes or provide real-time alerts for security issues.

In summary, Options A and B are the most effective ways to quickly understand if the existing underlying AWS infrastructure meets the security compliance regulations of the company and to continuously monitor and measure configuration changes for new and existing resources running on AWS. Option C provides periodic security checks, while Option D is not the most efficient or effective way to monitor the security posture of the AWS environment.