Amazon Inspector Assessment Template Creation: Mandatory Parameters | AWS Certified SysOps Administrator Exam

Mandatory Parameters for Amazon Inspector Assessment Template Creation

Question

An engineering firm has launched a large number of Amazon EC2 instances for installing new applications.

The new application is critical for this firm and requires security best practices for the instances.

The security lead is setting up Amazon Inspector on these instances and is seeking your help to create an assessment template. Which parameters are mandatory for creating an assessment template with Amazon Inspector? (Select TWO)

Answers

Explanations


A. Amazon EC2 Instance IP address

B. Attributes

C. Rules Package

D. SQS Topic

E. Duration

Correct Answers: C and E.

An assessment template for Amazon Inspector consists of the following parameters.

Name.

Target Name.

Rules Package.

Duration.

Optional parameters are:

SNS Topics.

Tag.

Attributes added to findings.

Assessment Schedule.

Option A is incorrect as the Amazon EC2 IP address is not required in the assessment template.

The target EC2 instance is defined in the target name.

Option B is incorrect as Attributes are optional components of the Assessment template.

Option D is incorrect as the SQS topic is an invalid component of the Assessment template.
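The mandatory and optional parameters above, turned into a pre-flight check that builds the request for the Inspector Classic `create_assessment_template` call. This is an added example, not code from the original page or from AWS; the function names and sample ARNs are constructed, and the duration bounds are the range this page states.

```python
# Added example: pre-flight check for an Amazon Inspector Classic template request.
MIN_DURATION_S = 15 * 60       # duration range as stated on this page:
MAX_DURATION_S = 24 * 60 * 60  # 15 minutes to 24 hours

# Constructed sample ARNs (placeholder account and resource ids).
TARGET_ARN = "arn:aws:inspector:us-east-1:111122223333:target/0-EXAMPLE"
RULES_ARN = "arn:aws:inspector:us-east-1:111122223333:rulespackage/0-EXAMPLE"
SNS_ARN = "arn:aws:sns:us-east-1:111122223333:inspector-events"
SQS_ARN = "arn:aws:sqs:us-east-1:111122223333:inspector-events"


def arn_service(arn):
    """Return the service field of an ARN (arn:partition:service:region:account:resource)."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return parts[2]


def build_template_request(name, target_arn, rules_package_arns, duration_s,
                           attributes=None, sns_topic_arn=None):
    """Check the mandatory parameters; return (create kwargs, SNS topic or None)."""
    required = {"Name": name, "Target name": target_arn,
                "Rules package": rules_package_arns, "Duration": duration_s}
    missing = [label for label, value in required.items() if not value]
    if missing:
        raise ValueError("missing mandatory parameter(s): " + ", ".join(missing))
    for arn in (target_arn, *rules_package_arns):
        if arn_service(arn) != "inspector":
            raise ValueError(f"not an Inspector resource: {arn}")
    if not MIN_DURATION_S <= duration_s <= MAX_DURATION_S:
        raise ValueError(f"duration {duration_s}s is outside 15 minutes to 24 hours")
    if sns_topic_arn is not None and arn_service(sns_topic_arn) != "sns":
        raise ValueError(f"notifications need an SNS topic, got: {sns_topic_arn}")
    kwargs = {"assessmentTemplateName": name, "assessmentTargetArn": target_arn,
              "rulesPackageArns": list(rules_package_arns),
              "durationInSeconds": duration_s}
    if attributes:  # optional: key/value pairs added to every finding
        kwargs["userAttributesForFindings"] = [
            {"key": k, "value": v} for k, v in sorted(attributes.items())]
    return kwargs, sns_topic_arn


if __name__ == "__main__":
    kwargs, topic = build_template_request(
        "weekly-cve-scan", TARGET_ARN, [RULES_ARN], 3600,
        attributes={"env": "prod"}, sns_topic_arn=SNS_ARN)
    # With boto3: boto3.client("inspector").create_assessment_template(**kwargs), then
    # subscribe_to_event(resourceArn=<template ARN>, event="ASSESSMENT_RUN_COMPLETED", topicArn=topic).
    print(kwargs, topic)
```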


For more information on creating an assessment template with Amazon Inspector, refer to the following URLs:

https://aws.amazon.com/inspector/faqs/

https://docs.aws.amazon.com/inspector/latest/userguide/inspector_assessments.html

[Figure: Assessment template parameters. Marked with an asterisk: Name, Target name, Rules packages, Duration. Unmarked: SNS topics, Tags, Attributes added to findings, Assessment Schedule.]

[Figure: "New assessment template" form in the Amazon Inspector console, with fields for the assessment target, rules package, duration (1 Hour, recommended), SNS topic for event notifications, tag key/value pairs, attribute key/value pairs, and a recurring schedule of assessment runs once every 7 days, with the first run starting on create.]

Amazon Inspector is a security assessment service that automatically assesses applications for vulnerabilities or deviations from security best practices. It analyzes the behavior of EC2 instances, their network configuration, and operating systems to identify security issues. The security lead needs to create an assessment template for the EC2 instances to be scanned.

An assessment template is a collection of rules packages. Each rules package is a set of rules that evaluate the security configuration of an EC2 instance by checking for specific security issues or compliance requirements.

Therefore, the mandatory parameters for creating an assessment template with Amazon Inspector are:

C. Rules Package: It is mandatory to select at least one Rules Package to assess the instance. Amazon Inspector provides various pre-built rules packages for common security issues such as Common Vulnerabilities and Exposures (CVEs), Network Security Best Practices, and Application Security Best Practices. The security lead can choose one or more rules packages that apply to the specific application and environment.

E. Duration: It is mandatory to set the duration for the assessment run. The duration specifies the amount of time Inspector should run the assessment on the EC2 instances. The duration can range from 15 minutes to 24 hours. The security lead can choose the duration based on the number of EC2 instances, the complexity of the application, and the urgency of the assessment.

The other answer options are not mandatory parameters for creating an assessment template with Amazon Inspector:

A. Amazon EC2 Instance IP address: The security lead does not need to specify the IP address of the EC2 instances. Amazon Inspector automatically discovers and assesses all instances that are associated with the AWS account.

B. Attributes: The security lead can add custom attributes to the assessment template to group the EC2 instances based on common attributes such as application name, environment, or business unit. However, this is not a mandatory parameter for creating an assessment template.

D. SQS Topic: The security lead can choose to receive assessment notifications through an Amazon Simple Queue Service (SQS) topic. However, this is not a mandatory parameter for creating an assessment template.