Auditing AWS Security Groups and NACLs - Best Practices and Solutions

Best Solution for Auditing AWS Security Groups and NACLs

Question

The company you work for has a huge amount of infrastructure built on AWS.

However, there have been some concerns recently about the security of this infrastructure.

An external auditor has been given the task of running a thorough check of all of your company's AWS assets.

The auditor will be in the USA while your company's infrastructure resides in the Asia Pacific (Sydney) region on AWS.

Initially, he needs to check all of your VPC assets, specifically security groups and NACLs. You have been assigned the task of providing the auditor with a login to be able to do this.

Which of the following would be the best and most secure solution to provide the auditor to begin his initial investigations? Choose the correct answer from the options below.

Explanations

Answer - C.

Generally, you should refrain from giving high-level permissions and give only the required permissions.

In this case, option C fits well because it grants only the access that is required.

For more information on IAM, please see the below link:

https://aws.amazon.com/iam/

The best and most secure solution to provide the auditor with access to check the company's VPC assets while ensuring the security of the infrastructure is option C: Create an IAM user who will have read-only access to your AWS VPC infrastructure and provide the auditor with those credentials.

Explanation: Option A is not the best solution because it involves giving the auditor an administrator role, which would grant them broad access to the AWS infrastructure. It also suggests using Multi-Factor Authentication (MFA), which is a good security measure but not necessary for read-only access.

Option B is not the best solution because giving someone root access to the AWS infrastructure is never recommended, even if they are an auditor. Root access grants complete control over all AWS services and resources, which could be dangerous in the wrong hands.

Option D is not the best solution because it involves granting the auditor full VPC access, which could lead to accidental modifications if they are not familiar with the infrastructure. Additionally, the condition set may not be foolproof as IP addresses can be spoofed, making it a less secure option.

Therefore, option C is the best solution because it provides the auditor with read-only access to the company's AWS VPC infrastructure, which allows them to view and inspect the resources without being able to make any modifications. This approach is secure because it limits the auditor's access to only what is necessary for the task at hand, reducing the risk of accidental or intentional damage to the infrastructure.
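As an added example, not part of the original question or its answer: a least-privilege policy document of the kind option C describes, scoped to the Sydney region rather than to the auditor's source IP, together with a small evaluator that shows which calls the policy permits. The EC2 Describe action names and the aws:RequestedRegion condition key are real IAM identifiers; the policy contents, the IAM user name and the simplified evaluator are this example's own assumptions.

```python
"""Read-only VPC auditor policy (constructed example) and a simplified IAM evaluator."""
import fnmatch
import json

# Constructed policy: read-only on security groups and NACLs, only in ap-southeast-2.
# The explicit Deny is defence in depth: it blocks firewall changes even if another
# policy attached to the auditor's user were later to allow them.
AUDITOR_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadVpcFirewallConfig",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSecurityGroupRules",
                "ec2:DescribeNetworkAcls",
                "ec2:DescribeVpcs",
            ],
            "Resource": "*",
            "Condition": {"StringEquals": {"aws:RequestedRegion": "ap-southeast-2"}},
        },
        {
            "Sid": "DenyFirewallChanges",
            "Effect": "Deny",
            "Action": ["ec2:Authorize*", "ec2:Revoke*", "ec2:Create*",
                       "ec2:Delete*", "ec2:Replace*", "ec2:Modify*"],
            "Resource": "*",
        },
    ],
}


def policy_document():
    """JSON text ready to attach to the auditor's IAM user (hypothetical name: vpc-auditor)."""
    return json.dumps(AUDITOR_POLICY, indent=2)


def is_allowed(policy, action, region):
    """Simplified IAM evaluation: explicit Deny wins, then Allow, else implicit deny.
    Only the StringEquals / aws:RequestedRegion condition is modelled."""
    decision = False
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if not any(fnmatch.fnmatchcase(action, pat) for pat in actions):
            continue
        wanted = stmt.get("Condition", {}).get("StringEquals", {}).get("aws:RequestedRegion")
        if wanted is not None and wanted != region:
            continue  # condition not met, so this statement does not apply
        if stmt["Effect"] == "Deny":
            return False
        decision = True
    return decision


if __name__ == "__main__":
    print(policy_document())
    print(is_allowed(AUDITOR_POLICY, "ec2:DescribeSecurityGroups", "ap-southeast-2"))  # True
```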