Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 244 discussion

A company has used AWS Lambda functions to build an application on AWS. The company’s security engineer implemented Amazon Inspector and activated Lambda standard scanning and Lambda code scanning.

The security engineer reviews the Amazon Inspector console and learns that Amazon Inspector is not scanning some of the Lambda functions. The provided reason is that the scan eligibility expired.

What should the security engineer do to investigate the reason that the scans are failing?

  • A. Validate that the AmazonInspector2ServiceRolePolicy AWS managed policy grants permissions to access Lambda.
  • B. Increase the timeout value of the Lambda functions to complete the scans successfully while the code is running.
  • C. Build a custom runtime for the unscanned Lambda functions. Include the Amazon Inspector agent in the runtime.
  • D. Determine whether the unscanned Lambda functions have been invoked in the last 90 days.
Suggested Answer: D

Comments

m_ch333
3 months, 3 weeks ago
Selected Answer: D
D. Upon activation, Amazon Inspector scans all Lambda functions invoked or updated in the last 90 days in your account. https://docs.aws.amazon.com/inspector/latest/user/scanning-lambda.html#lambda-scan-behavior
upvoted 1 times
IPLogic
4 months, 3 weeks ago
Selected Answer: D
To investigate the reason that some Lambda functions are not being scanned due to scan eligibility expiring, the security engineer should: D. Determine whether the unscanned Lambda functions have been invoked in the last 90 days. Amazon Inspector's eligibility for scanning Lambda functions is typically based on activity. If a Lambda function has not been invoked in the last 90 days, it may no longer be eligible for scanning. This helps ensure that only active and potentially vulnerable functions are scanned, optimizing resource usage and focusing on functions that are in use.
upvoted 2 times
IPLogic
4 months, 3 weeks ago
Option A (Validate policy permissions) is good practice but does not address the specific issue of expired scan eligibility. Option B (Increase timeout value) deals with function execution duration, not scanning eligibility. Option C (Build a custom runtime) is unnecessary for this issue, as standard eligibility rules are based on function invocation, not runtime customization. By focusing on the invocation activity of the Lambda functions, you can determine if their lack of recent use is causing the scan eligibility to expire.
upvoted 1 times
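
The check behind answer D can be scripted. The following is an added example, not part of the original discussion: the coverage records are constructed samples whose shape is assumed from Amazon Inspector coverage output, and the activity timestamps, function names and the `triage_expired` helper are hypothetical.

```python
from datetime import datetime, timedelta, timezone

ELIGIBILITY_WINDOW = timedelta(days=90)  # window quoted in the discussion above

# Constructed coverage records (shape assumed from Amazon Inspector coverage output).
COVERAGE = [
    {"resourceType": "AWS_LAMBDA_FUNCTION", "resourceId": "fn-orders",
     "scanStatus": {"statusCode": "ACTIVE", "reason": "SUCCESSFUL"}},
    {"resourceType": "AWS_LAMBDA_FUNCTION", "resourceId": "fn-legacy-report",
     "scanStatus": {"statusCode": "INACTIVE", "reason": "SCAN_ELIGIBILITY_EXPIRED"}},
    {"resourceType": "AWS_LAMBDA_FUNCTION", "resourceId": "fn-nightly",
     "scanStatus": {"statusCode": "INACTIVE", "reason": "SCAN_ELIGIBILITY_EXPIRED"}},
    {"resourceType": "AWS_LAMBDA_FUNCTION", "resourceId": "fn-unknown",
     "scanStatus": {"statusCode": "INACTIVE", "reason": "SCAN_ELIGIBILITY_EXPIRED"}},
    {"resourceType": "AWS_EC2_INSTANCE", "resourceId": "i-example",
     "scanStatus": {"statusCode": "INACTIVE", "reason": "UNMANAGED_EC2_INSTANCE"}},
]

# Constructed activity data (ISO 8601, UTC), e.g. gathered from invocation
# metrics and function configuration. A missing entry means no data was found.
ACTIVITY = {
    "fn-orders": {"last_invoked": "2024-05-30T00:00:00+00:00",
                  "last_updated": "2024-01-10T00:00:00+00:00"},
    "fn-legacy-report": {"last_invoked": "2023-11-02T00:00:00+00:00",
                         "last_updated": "2023-09-15T00:00:00+00:00"},
    "fn-nightly": {"last_invoked": "2024-05-31T00:00:00+00:00",
                   "last_updated": "2024-02-01T00:00:00+00:00"},
}

def _parse(ts):
    return datetime.fromisoformat(ts) if ts else None

def triage_expired(coverage, activity, now):
    """Map each Lambda function with expired scan eligibility to (verdict, idle_days)."""
    results = {}
    for rec in coverage:
        if rec.get("resourceType") != "AWS_LAMBDA_FUNCTION":
            continue
        if rec.get("scanStatus", {}).get("reason") != "SCAN_ELIGIBILITY_EXPIRED":
            continue
        name = rec["resourceId"]
        seen = [t for t in map(_parse, activity.get(name, {}).values()) if t]
        if not seen:
            results[name] = ("no_activity_data", None)
            continue
        idle = now - max(seen)  # the most recent invoke or update is what counts
        verdict = "idle_beyond_window" if idle > ELIGIBILITY_WINDOW else "recent_activity"
        results[name] = (verdict, idle.days)
    return results

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the sample is reproducible
```

A `recent_activity` verdict means the 90-day window does not explain the status, so that function needs a closer look rather than being written off as unused.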