Topic 1 Question 478
A company is deploying a new application on AWS. The application consists of an Amazon Elastic Kubernetes Service (Amazon EKS) cluster and an Amazon Elastic Container Registry (Amazon ECR) repository. The EKS cluster has an AWS managed node group.
The company's security guidelines state that all resources on AWS must be continuously scanned for security vulnerabilities.
Which solution will meet this requirement with the LEAST operational overhead?
A. Activate AWS Security Hub. Configure Security Hub to scan the EKS nodes and the ECR repository.
B. Activate Amazon Inspector to scan the EKS nodes and the ECR repository.
C. Launch a new Amazon EC2 instance and install a vulnerability scanning tool from AWS Marketplace. Configure the EC2 instance to scan the EKS nodes. Configure Amazon ECR to perform a basic scan on push.
D. Install the Amazon CloudWatch agent on the EKS nodes. Configure the CloudWatch agent to scan continuously. Configure Amazon ECR to perform a basic scan on push.
Comments (12)
- Selected answer: B
You can use Amazon Inspector to check for unintended network accessibility of your nodes and for vulnerabilities on those Amazon EC2 instances. https://docs.aws.amazon.com/eks/latest/userguide/configuration-vulnerability-analysis.html
👍 4 Zas1 2024/04/13
- Selected answer: B
Security Hub integrates many security features, but the scanning itself is done by Amazon Inspector, so going for B.
👍 4 teo2157 2024/04/15
- Selected answer: B
A -> False. Security Hub is just a finding aggregator of other services like AWS Config, Inspector, Macie, ...; even Security Hub controls are in the end Config rules.
B -> True. Inspector scans EC2, ECR, Lambda functions (either layer analysis or deep scan of the code), ...
C -> False. It takes a lot of effort. Plus "perform a basic scan on push" is a deprecated thing; Inspector should be used.
D -> False. CW Agent does not report vulns. Inspector uses SSM Agent to perform vulnerability scans. Plus "perform a basic scan on push" is a deprecated thing; Inspector should be used.
👍 4 blackname 2024/05/23