AWS Config
A Security Engineer must design a solution that enables the incident Response team to audit for changes to a user's IAM permissions in the case of a security incident.
How can this be accomplished?
- A. Use AWS Config to review the IAM policy assigned to users before and after the incident. Most Voted
Link tham vấn : https://aws.amazon.com/blogs/security/how-to-record-and-govern-your-iam-resource-configurations-using-aws-config/
During a recent internal investigation, it was discovered that all API logging was disabled in a production account, and the root user had created new API keys that appear to have been used several times.
What could have been done to detect and automatically remediate the incident?
- => Using AWS Config, create a config rule that detects when AWS CloudTrail is disabled, as well as any calls to the root user create-api-key. Then use a Lambda function to re-enable CloudTrail logs and deactivate the root API keys.
Link tham vấn :
https://docs.aws.amazon.com/config/latest/developerguide/cloudtrail-enabled.html
https://docs.aws.amazon.com/config/latest/developerguide/iam-root-access-key-check.html
A Security Engineer discovers that developers have been adding rules to security groups that allow SSH and RDP traffic from 0.0.0.0/0 instead of the organization firewall IP.
What is the most efficient way to remediate the risk of this activity?
What is the most efficient way to remediate the risk of this activity?
=> Use AWS Config rules to detect 0.0.0.0/0 and invoke an AWS Lambda function to update the security group with the organization's firewall IP.
Link tham vấn:
https://aws.amazon.com/blogs/security/how-to-monitor-aws-account-configuration-changes-and-api-calls-to-amazon-ec2-security-groups/
A company's security policy requires that VPC Flow Logs are enabled on all VPCs. A Security Engineer is looking to automate the process of auditing the VPC resources for compliance.
What combination of actions should the Engineer take? (Choose two.)
What combination of actions should the Engineer take? (Choose two.)
=> Create an AWS Lambda function that determines whether Flow Logs are enabled for a given VPC.
=> Create an AWS Config custom rule, and associate it with an AWS Lambda function that contains the evaluating logic.
Link tham vấn:
https://medium.com/mudita-misra/how-to-audit-your-aws-resources-for-security-compliance-by-using-custom-aws-config-rules-2e53b09006de