Amendment required for Practice Exam 8

kananinirav / AWS-Certified-Cloud-Practitioner-Notes

AWS Certified Cloud Practitioner Short Notes And Practice Exams (CLF-C02)

https://kananinirav.com/

MIT License

1.95k stars 679 forks source link

Amendment required for Practice Exam 8 #250

Open rebeus opened 2 months ago

rebeus commented 2 months ago

Which of the following steps should be taken by a customer when conducting penetration testing on AWS?

A. Conduct penetration testing using Amazon Inspector, and then notify AWS support.
B. Request and wait for approval from the customer’s internal security team, and then conduct testing.
C. Notify AWS support, and then conduct testing immediately.
D. Request and wait for approval from AWS support, and then conduct testing.
Answer
Correct answer: D

Correct answer: B

It should be B because i've read that certain services don't require prior approval from AWS.

rebeus commented 2 months ago

@kananinirav @alessiobennardo what are your thoughts on the above? Can the answer to the question be updated?

kananinirav commented 2 months ago

@rebeus

According to my understanding, correct answer is D

AWS has specific policies for penetration testing, which include obtaining approval from AWS itself for certain types of tests on their infrastructure. This is separate from any internal approvals that may be required by the customer’s own security team.
AWS requires notification and approval to prevent any confusion between legitimate penetration tests and actual security threats. This also helps AWS monitor and ensure that testing does not adversely affect their services or other customers.
Therefore, while internal approval from the customer’s security team might be necessary as part of the customer’s own processes, it is not sufficient on its own. Approval from AWS is mandatory for certain types of penetration testing activities, making D the correct answer.

rebeus commented 2 months ago

@kananinirav - Thanks for that, in that case, the explanation you've provided should be appended to that answer of that question to help others if they are thinking the same way as I initially did. Could you do that for me please?

dasari-mohana commented 3 weeks ago

Hello, I believe Option C (Notify AWS support, and then conduct testing immediately) is the right answer Please refer to this link where they clearly mentionion that you do not need prior approval for penetration testing.

(https://repost.aws/knowledge-center/penetration-testing#:~:text=You%20don%27t%20need%20approval%20from%20AWS%20to%20run%20penetration%20tests%20against%20or%20from%20resources%20on%20your%20AWS%20account)

Correct me if I am wrong.