Topic 1 Question 249
2 つ選択A company uses AWS Lambda functions to implement application logic. The company uses an organization in AWS Organizations to manage hundreds of AWS accounts.
The company needs to implement a solution to continuously monitor the Lambda functions for vulnerabilities in all accounts. The solution must publish detected issues to a dashboard. Lambda functions that are being tested or are in development must not appear on the dashboard.
Which combination of steps will meet these requirements?
Designate a delegated Amazon GuardDuty administrator account in the organization’s management account. Use the GuardDuty Summary dashboard to obtain an overview of Lambda functions that have vulnerabilities.
Designate a delegated Amazon Inspector administrator account in the organization’s management account. Use the Amazon Inspector dashboard to obtain an overview of Lambda functions that have vulnerabilities.
Apply tags of “test” or “development” to all Lambda functions that are in testing or development. Use a suppression filter that suppresses findings that contain these tags.
Enable AWS Shield Advanced in the organization’s management account. Use Amazon CloudWatch to build a dashboard for Lambda functions that have vulnerabilities.
Enable Lambda Protection in GuardDuty for all accounts. Auto-enable Lambda Protection for new accounts. Apply a tag to the Lambda functions that are in testing or development. Use GuardDutyExclusion as the tag key and LambdaStandardScanning as the tag value.
ユーザの投票
コメント(1)
- 正解だと思う選択肢: BC
It seems like B & C. AWS Inspector: For vulnerabilities and AWS Inspector dashboard. Tags: To exclude test & development Lambda functions.
👍 1Bachhu2025/01/02
シャッフルモード