AWS Certified Cloud Practitioner — Question 379

How can an AWS user conduct security assessments of Amazon EC2 instances, NAT gateways, and Elastic Load Balancers in a way that is approved by AWS?

Answer options

• A. Flood a target with requests.
• B. Use Amazon Inspector.
• C. Perform penetration testing.
• D. Use the AWS Service Health Dashboard.

Correct answer: C

Explanation

AWS allows customers to carry out penetration testing on specific resources like Amazon EC2 instances, NAT gateways, and Elastic Load Balancers without prior authorization, provided they adhere to the AWS Customer Agreement. Conversely, flooding targets with requests is a prohibited denial-of-service action, Amazon Inspector is a vulnerability scanner rather than a comprehensive security assessment method for all these resources, and the AWS Service Health Dashboard only monitors general service availability.