Topic 1 Question 244
A company has used AWS Lambda functions to build an application on AWS. The company’s security engineer implemented Amazon Inspector and activated Lambda standard scanning and Lambda code scanning.
The security engineer reviews the Amazon Inspector console and learns that Amazon Inspector is not scanning some of the Lambda functions. The provided reason is that the scan eligibility expired.
What should the security engineer do to investigate the reason that the scans are failing?
A. Validate that the AmazonInspector2ServiceRolePolicy AWS managed policy grants permissions to access Lambda.
B. Increase the timeout value of the Lambda functions to complete the scans successfully while the code is running.
C. Build a custom runtime for the unscanned Lambda functions. Include the Amazon Inspector agent in the runtime.
D. Determine whether the unscanned Lambda functions have been invoked in the last 90 days.
Comments (2)
- Selected answer: D
To investigate the reason that some Lambda functions are not being scanned due to scan eligibility expiring, the security engineer should:
D. Determine whether the unscanned Lambda functions have been invoked in the last 90 days.
Amazon Inspector's eligibility for scanning Lambda functions is typically based on activity. If a Lambda function has not been invoked in the last 90 days, it may no longer be eligible for scanning. This helps ensure that only active and potentially vulnerable functions are scanned, optimizing resource usage and focusing on functions that are in use.
👍 2 IPLogic 2024/12/05
- Selected answer: D
D. Upon activation, Amazon Inspector scans all Lambda functions invoked or updated in the last 90 days in your account. https://docs.aws.amazon.com/inspector/latest/user/scanning-lambda.html#lambda-scan-behavior
👍 1 m_ch333 2025/01/04
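An added example (not part of the original page or its comments): a Python triage that takes coverage entries carrying the `SCAN_ELIGIBILITY_EXPIRED` reason and compares each function's most recent invocation or update with the 90-day window. The coverage records, ARNs, timestamps and helper names are constructed for illustration; in a live account the entries would come from Amazon Inspector's ListCoverage API and the timestamps from CloudWatch Lambda metrics and the function configuration.

```python
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(days=90)  # activity window quoted in the comments above
ARN = "arn:aws:lambda:us-east-1:111122223333:function:"  # constructed account/region

def day(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample, shaped like entries from Amazon Inspector's ListCoverage API.
COVERAGE = [
    {"resourceId": ARN + "orders-api", "resourceType": "AWS_LAMBDA_FUNCTION",
     "scanStatus": {"statusCode": "ACTIVE", "reason": "SUCCESSFUL"}},
    {"resourceId": ARN + "legacy-report", "resourceType": "AWS_LAMBDA_FUNCTION",
     "scanStatus": {"statusCode": "INACTIVE", "reason": "SCAN_ELIGIBILITY_EXPIRED"}},
    {"resourceId": ARN + "nightly-sync", "resourceType": "AWS_LAMBDA_FUNCTION",
     "scanStatus": {"statusCode": "INACTIVE", "reason": "SCAN_ELIGIBILITY_EXPIRED"}},
    {"resourceId": ARN + "old-webhook", "resourceType": "AWS_LAMBDA_FUNCTION",
     "scanStatus": {"statusCode": "INACTIVE", "reason": "SCAN_ELIGIBILITY_EXPIRED"}},
]

# Constructed activity data (hypothetical): last invocation and last code update.
ACTIVITY = {
    ARN + "orders-api": {"invoked": day(2025, 1, 3), "updated": day(2024, 11, 2)},
    ARN + "legacy-report": {"invoked": day(2024, 8, 1), "updated": day(2024, 5, 10)},
    ARN + "nightly-sync": {"invoked": day(2024, 12, 20), "updated": day(2024, 6, 1)},
}

def triage_expired(coverage, activity, now):
    """Map each function reported as SCAN_ELIGIBILITY_EXPIRED to (verdict, idle_days)."""
    results = {}
    for item in coverage:
        if item["resourceType"] != "AWS_LAMBDA_FUNCTION":
            continue
        if item["scanStatus"]["reason"] != "SCAN_ELIGIBILITY_EXPIRED":
            continue
        stamps = [t for t in activity.get(item["resourceId"], {}).values() if t]
        name = item["resourceId"].rsplit(":", 1)[-1]
        if not stamps:
            results[name] = ("no-activity-data", None)  # cannot confirm either way
            continue
        idle = now - max(stamps)  # most recent of invocation and update
        verdict = "expiry-expected" if idle > WINDOW else "recent-activity-recheck"
        results[name] = (verdict, idle.days)
    return results

if __name__ == "__main__":
    for fn, (verdict, days) in triage_expired(COVERAGE, ACTIVITY, day(2025, 1, 4)).items():
        print(f"{fn}: {verdict} (idle days: {days})")
```

A `recent-activity-recheck` verdict means the 90-day explanation does not fit that function and the coverage status needs another look.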