A company uses AWS Lambda functions to implement application logic. The company uses an o…

Question

A company uses AWS Lambda functions to implement application logic. The company uses an organization in AWS Organizations to manage hundreds of AWS accounts. The company needs to implement a solution to continuously monitor the Lambda functions for vulnerabilities in all accounts. The solution must publish detected issues to a dashboard. Lambda functions that are being tested or are in development must not appear on the dashboard. Which combination of steps will meet these requirements? (Choose two.)

Accepted Answer

Correct answer: B, C. B. Designate a delegated Amazon Inspector administrator account in the organization’s management account. Use the Amazon Inspector dashboard to obtain an overview of Lambda functions that have vulnerabilities. — C. Apply tags of “test” or “development” to all Lambda functions that are in testing or development. Use a suppression filter that suppresses findings that contain these tags. — The correct answer is B and C. Designating a delegated Amazon Inspector administrator account allows for the comprehensive monitoring of Lambda functions across all accounts, while applying specific tags to functions in development or testing ensures those functions are excluded from the vulnerability findings. Option A is incorrect as GuardDuty is not specifically designed for Lambda vulnerabilities, and options D and E do not meet the requirement of effectively monitoring Lambda functions for vulnerabilities in the specified manner.

AWS Certified Security – Specialty (SCS-C02) — Question 261

Answer options

Correct answer: B, C

Explanation