PCCSE · Question #116
A manager informs the SOC that one or more RDS instances have been compromised and the SOC needs to make sure production RDS instances are NOT publicly accessible. Which action should the SOC take to
The correct answer is D. Enable "AWS RDS database instance is publicly accessible" policy and add policy to an auto-. The correct action is to enable the 'AWS RDS database instance is publicly accessible' policy and add it to an auto-remediation alert rule. This approach is best practice for two reasons: (1) it uses the correct RDS-specific policy rather than an S3 policy (eliminating options A
Question
A manager informs the SOC that one or more RDS instances have been compromised and the SOC needs to make sure production RDS instances are NOT publicly accessible. Which action should the SOC take to follow security best practices?
Options
- AEnable "AWS S3 bucket is publicly accessible" policy and manually remediate each alert.
- BEnable "AWS RDS database instance is publicly accessible" policy and for each alert, check that
- CEnable "AWS S3 bucket is publicly accessible" policy and add policy to an auto-remediation alert
- DEnable "AWS RDS database instance is publicly accessible" policy and add policy to an auto-
How the community answered
(30 responses)- A10% (3)
- B3% (1)
- C3% (1)
- D83% (25)
Explanation
The correct action is to enable the 'AWS RDS database instance is publicly accessible' policy and add it to an auto-remediation alert rule. This approach is best practice for two reasons: (1) it uses the correct RDS-specific policy rather than an S3 policy (eliminating options A and C immediately - those reference S3 bucket policies, which are irrelevant to RDS); and (2) auto-remediation ensures that any current AND future violations are automatically corrected without manual intervention, providing continuous compliance. Option B uses the right RDS policy but relies on manual remediation for each alert, which is slower and does not prevent future misconfigurations. Auto-remediation via an alert rule enforces the control at scale across all production RDS instances.
Topics
Community Discussion
No community discussion yet for this question.