What should the security engineer do to meet these requirements with the LEAST amount of effort?
Use AWS CloudTrail to monitor accounts for noncompliant configurations. Use AWS Lambda functions to evaluate configuration state and perform automated remediation actions.
Use AWS Config rules to monitor accounts for noncompliant configurations. Use AWS Systems Manager Automation to perform automated remediation actions.
Use Amazon GuardDuty to monitor accounts for noncompliant configurations. Use an AWS Lambda function to perform automated remediation actions.
Use AWS Systems Manager Compliance to monitor accounts for noncompliant configurations. Use Systems Manager Automation to perform automated remediation actions.
Explanations:
AWS CloudTrail monitors API activity, not configuration compliance. Lambda can perform remediation, but this approach is not ideal for configuration monitoring.
AWS Config rules can monitor noncompliant configurations. AWS Systems Manager Automation can automatically remediate issues. This is the most efficient solution for the given task.
Amazon GuardDuty is used for threat detection, not configuration monitoring. Lambda can perform remediation, but GuardDuty is not designed for this purpose.
AWS Systems Manager Compliance tracks patch compliance, not configuration compliance for services like EBS or EC2. Automation can remediate, but it is not ideal for configuration monitoring.