SCS-C02 Question #439: Real Exam Question with Answer & Explanation

Question

A company uses AWS Lambda functions to implement application logic. The company uses an organization in AWS Organizations to manage hundreds of AWS accounts. The company needs to implement a solution to continuously monitor the Lambda functions for vulnerabilities in all accounts. The solution must publish detected issues to a dashboard. Lambda functions that are being tested or are in development must not appear on the dashboard. Which combination of steps will meet these requirements? (Choose two.)

Options

• ADesignate a delegated Amazon GuardDuty administrator account in the organization's
• BDesignate a delegated Amazon Inspector administrator account in the organization's
• CApply tags of "test" or "development" to all Lambda functions that are in testing or development.
• DEnable AWS Shield Advanced in the organization's management account. Use Amazon
• EEnable Lambda Protection in GuardDuty for all accounts. Auto-enable Lambda Protection for new

Explanation

Amazon Inspector is a service designed to automatically scan and continuously monitor AWS Lambda functions for vulnerabilities. By designating a delegated Amazon Inspector administrator account, you can centrally manage vulnerability scanning and view the findings across all accounts using the Amazon Inspector dashboard. This dashboard provides an overview of vulnerabilities affecting Lambda functions. To exclude Lambda functions in testing or development stages from appearing on the dashboard, you can apply tags such as "test" or "development" to these Lambda functions. By creating a suppression filter, you can suppress findings based on these tags, ensuring that only production Lambda functions are included in the vulnerability findings reported on the dashboard.

No community discussion yet for this question.