Exam AWS-SysOps topic 1 question 539 discussion

A should not be correct as Amazon Inspector checks the vulnerabilities for EC2 instances only. Not for RDS

Answer should be B and E

B. Review the security group's inbound access rules for least privilege: It is important to review and ensure that the security group associated with the RDS instances has appropriate inbound access rules configured. This involves following the principle of least privilege, where only necessary and authorized sources are allowed to access the RDS instances. E. Report on the Parameter Group settings and ensure that encrypted connections are enforced: Parameter Groups in Amazon RDS are used to configure database engine settings. It is important to review the Parameter Group settings and ensure that encrypted connections (SSL/TLS) are enforced to secure the data in transit between the client and the RDS instances.

A: Inspector only work for EC2 B. restrict SG inbound with least privilege is correct C. Cloudtrail is for monitoring D. Cat command not relevent E. Connection encryption is correct Answer: B & E

https://www.mssqltips.com/sqlservertip/5967/enforce-ssl-for-connecting-to-aws-rds-instance-of-sql-server/

A is not possible since we need to install an agent on the EC2 instance, which we cant do it on RDS. So I will go with B and E as well.

BE - RDS are managed by AWS only security group and parameters like ssl can by adjusted

BE are correct

A is most probably correct . As per AWS doc. " Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.". I would say this among very early step to harden