AWS Certified SysOps Administrator – Associate (legacy) — Question 906
The InfoSec team has asked the SysOps Administrator to perform some hardening on the company Amazon RDS database instances.
Based on this requirement, what actions should be recommended for the start of the security review? (Choose two.)
Answer options
- A. Use Amazon Inspector to present a detailed report of security vulnerabilities across the RDS database fleet
- B. Review the security group's inbound access rules for least privilege
- C. Export AWS CloudTrail entries detailing all SSH activity on the RDS instances
- D. Use the cat command to enumerate the allowed SSH keys in ~/.ssh on each RDS instance
- E. Report on the Parameter Group settings and ensure that encrypted connections are enforced
Correct answer: A, E
Explanation
Using Amazon Inspector allows administrators to generate detailed reports on potential security vulnerabilities across the database fleet, while auditing Parameter Group settings ensures that critical security controls such as SSL/TLS encrypted connections are strictly enforced. The options involving SSH are incorrect because Amazon RDS is a fully managed service that does not give users direct OS-level SSH access.