Prisma Certified Cloud Security Engineer (PCCSE) — Question 44
A manager informs the SOC that one or more RDS instances have been compromised and the SOC needs to make sure production RDS instances are NOT publicly accessible.
Which action should the SOC take to follow security best practices?
Answer options
- A. Enable “AWS S3 bucket is publicly accessible” policy and manually remediate each alert.
- B. Enable “AWS RDS database instance is publicly accessible” policy and for each alert, check that it is a production instance, and then manually remediate.
- C. Enable “AWS S3 bucket is publicly accessible” policy and add policy to an auto-remediation alert rule.
- D. Enable “AWS RDS database instance is publicly accessible” policy and add policy to an auto-remediation alert rule.
Correct answer: D
Explanation
The correct answer is D because enabling the “AWS RDS database instance is publicly accessible” policy and adding it to an auto-remediation alert rule ensures that any publicly accessible RDS instances are automatically remediated. Options A and C incorrectly address S3 buckets, which are not relevant to the RDS instance issue. Option B requires manual verification for production instances, which is less efficient than an automated approach.