While conducting a cloud assessment, a security analyst performs a Prowler scan, which generates the following within the report:

Based on the Prowler report, which of the following is the BEST recommendation?
Prowler is a tool that can scan AWS environments for security issues and compliance violations. The Prowler report shows that there are two access keys for the CloudDev user: access key 1 and access key 2. Access key 1 has not been used in more than 90 days, which violates the AWS CIS benchmark 1.4 (Ensure access keys are rotated every 90 days or less). Therefore, the best recommendation is to delete access key 1 and use access key 2 instead. Deleting CloudDev access key 1, deleting BusinessUsr access key 1, or deleting access key 2 are not appropriate recommendations based on the Prowler report. Reference: https://github.com/toniblyx/prowler
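The kind of check discussed here can be reproduced against an AWS IAM credential report. The following is an added example, not Prowler's own code and not the report from the question: the user names, dates and the `find_stale_keys` helper are constructed for illustration, and only the column names follow the credential report CSV layout.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample: a subset of the IAM credential report columns.
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice-dev,true,2023-01-05T09:00:00+00:00,2023-01-20T10:00:00+00:00,false,N/A,N/A
batch-svc,true,2022-11-01T08:00:00+00:00,N/A,false,N/A,N/A
build-bot,true,2023-05-20T08:00:00+00:00,2023-05-30T08:00:00+00:00,true,2023-05-25T08:00:00+00:00,N/A
"""
NOW = datetime(2023, 6, 1, tzinfo=timezone.utc)  # constructed "scan time"


def _parse(ts):
    """Report timestamps are ISO 8601; 'N/A' marks an absent value."""
    return None if ts in ("N/A", "") else datetime.fromisoformat(ts)


def find_stale_keys(report_csv, now, max_unused_days=90):
    """Return (user, key_slot, reason) for each ACTIVE key unused past the threshold."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            prefix = f"access_key_{slot}_"
            if row[prefix + "active"] != "true":
                continue  # disabled or nonexistent key: nothing to flag
            last_used = _parse(row[prefix + "last_used_date"])
            created = _parse(row[prefix + "last_rotated"])
            if last_used is None:
                # Never used: measure age from creation/rotation, so a key
                # created a few days ago is not flagged prematurely.
                age = (now - created).days if created else None
                if age is None or age >= max_unused_days:
                    findings.append((row["user"], slot, "never used"))
            elif (now - last_used).days >= max_unused_days:
                days = (now - last_used).days
                findings.append((row["user"], slot, f"unused for {days} days"))
    return findings


if __name__ == "__main__":
    for finding in find_stale_keys(SAMPLE_REPORT, NOW):
        print(finding)
```

Disabled keys are skipped, which is why a "no users found with access key 2 enabled" style result passes while an enabled but never-used key fails.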
I initially thought that it is D but after seeing everyone's points, I'm changing it to B.
Correct me if I'm wrong, but the pass/fail criteria depend on the first line: "Ensure credentials unused for 30 days or greater are disabled"
Due to this, I understand that "no users found with access key 2 enabled" passed because the credentials/access key 2 is disabled. Hence, the only option that we need to take action is B.
absabs, you're misinterpreting what Pass and Fail mean (somehow)
These are Pass or Fail checks that the system is passing or failing if you will on a security basis. The businessUsr key isn't being used or rotated. That is the security concern and that is what needs to be fixed.
CloudDev hasn't been used since creation, but there's no saying when the key was created, but it could've been less than 30 days ago.
businessur has never used access key 1 (FAIL) -> he/she used it. Why do you want to delete the used key?
No users found with access key 2 enabled? (PASS) -> so nobody is using them. To reduce the attack surface, I delete them.
If I am wrong, discuss with me? I'm going with D.
Those seem to be pre-written rules to audit things they expect. If they set "businessuser" should not be accessing using key 1 it's because they probably expect to have a "pass" in this point, but surpriseee it failed. So they need to disable that one asap. Maybe I'm wrong but I'm using that logic.
I think D, why?
Because you have to remove unused keys first, then go to the used keys and investigate them.
It's like closing the unused ports first, then investigating the used ports to see if they should be closed or still open.
No, your reasoning does not make sense. It states Key 2 is not enabled/not being used.