Exam AWS Certified Cloud Practitioner topic 1 question 548 discussion

C. Perform penetration testing. AWS provides customers with the ability to conduct security assessments of Amazon EC2 instances, NAT gateways, and Elastic Load Balancers through penetration testing. Penetration testing, also known as "pen testing" is a simulated cyber attack against your own systems, in order to evaluate the security of your infrastructure. This can be done using approved tools and methodologies, such as those provided by the AWS Penetration Testing Program.

C. Perform penetration testing. "Customer Service Policy for Penetration Testing Permitted Services Amazon EC2 instances, WAF, NAT Gateways, and Elastic Load Balancers Amazon RDS Amazon CloudFront" https://aws.amazon.com/security/penetration-testing/

B. Use Amazon Inspector. Amazon Inspector is an AWS service that helps assess the security and compliance of applications running on Amazon EC2 instances. It provides automated security assessments by analyzing the behavior of your resources and identifying vulnerabilities, deviations from best practices, and common security issues.

Option B, using Amazon Inspector, is the correct answer. Conducting penetration testing or flooding a target with requests without prior authorization from AWS is not allowed and may result in the suspension or termination of the user's AWS account. The AWS Service Health Dashboard provides information on the current status and health of AWS services but does not offer security assessment capabilities.

UPDATE! I ran another ChaGPT with Amazon URL https://aws.amazon.com/security/penetration-testing/ and C is the correct answer. With the updated information from the AWS Penetration Testing Guidelines, it is now possible for AWS users to conduct penetration testing of their Amazon EC2 instances, NAT gateways, and Elastic Load Balancers with prior approval from AWS. So the correct answer would be: C C. Perform penetration testing (with prior authorization from AWS, and following their guidelines and restrictions). With the updated information from the AWS Penetration Testing Guidelines, it is now possible for AWS users to conduct penetration testing of their Amazon EC2 instances, NAT gateways, and Elastic Load Balancers with prior approval from AWS. So the correct answer would be: C. Perform penetration testing (with prior authorization from AWS, and following their guidelines and restrictions).

From ChatGPT. The answer is B. Amazon Inspector To conduct security assessments of Amazon EC2 instances, NAT gateways, and Elastic Load Balancers in a way that is approved by AWS, users can use Amazon Inspector. Amazon Inspector is an automated security assessment service that can help users test the security of their AWS resources. It can identify security vulnerabilities and deviations from best practices in Amazon EC2 instances, NAT gateways, and Elastic Load Balancers. Performing penetration testing or flooding a target with requests is not an approved method for conducting security assessments on AWS resources. AWS has strict policies and guidelines on how security testing can be done on their platform to ensure the safety and security of their customers' data and resources. Users who wish to conduct security assessments on AWS resources should follow the guidelines set forth by AWS to avoid any violation of their policies.

Use Amazon Inspector

The correct answer to the question is: B. Use Amazon Inspector. Amazon Inspector is an AWS service that automatically assesses applications for vulnerabilities or deviations from best practices. It analyzes the behavior of applications in order to detect security issues and helps to identify potential security vulnerabilities in EC2 instances, NAT gateways, and Elastic Load Balancers. Penetration testing can be conducted on AWS resources with prior approval from AWS

Perform penetration testing. https://aws.amazon.com/security/penetration-testing/

C is the answer.

B - Amazon Inspector is a vulnerability management service that continuously scans your AWS workloads for software vulnerabilities and unintended network exposure. Amazon Inspector automatically discovers and scans running Amazon EC2 instances, container images in Amazon Elastic Container Registry (Amazon ECR), and AWS Lambda functions for known software vulnerabilities and unintended network exposure.