Based on this requirement, what actions should be recommended for the start of the security review?
(Choose two.)
Use Amazon Inspector to present a detailed report of security vulnerabilities across the RDS database fleet
Review the security group’s inbound access rules for least privilege
Export AWS CloudTrail entries detailing all SSH activity on the RDS instances
Use the cat command to enumerate the allowed SSH keys in ~/.ssh on each RDS instance
Report on the Parameter Group settings and ensure that encrypted connections are enforced
Explanations:
Amazon Inspector is not directly applicable to RDS instances. It is used for assessing EC2 instances for vulnerabilities, but does not support RDS for detailed vulnerability assessments.
Reviewing the security group’s inbound access rules ensures that only necessary and minimal access is allowed to RDS instances, following the principle of least privilege.
AWS CloudTrail records API calls, but it does not log SSH activity on RDS instances, since RDS is a managed service and does not allow direct SSH access.
RDS instances do not provide direct SSH access, so using thecatcommand to enumerate SSH keys is not applicable to RDS.
Reviewing the Parameter Group settings ensures that encrypted connections (e.g., SSL/TLS) are enforced for secure communication with the RDS instance.
I measure that the answer is:
Review the security group’s inbound access rules for least privilege
I deduce that the answer is:
Review the security group’s inbound access rules for least privilege