Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon Exam DOP-C02 Topic 6 Question 22 Discussion

Actual exam question for Amazon's DOP-C02 exam
Question #: 22
Topic #: 6
[All DOP-C02 Questions]

A security team is concerned that a developer can unintentionally attach an Elastic IP address to an Amazon EC2 instance in production. No developer should be allowed to attach an Elastic IP address to an instance. The security team must be notified if any production server has an Elastic IP address at any time

How can this task be automated'?

Show Suggested Answer Hide Answer

Contribute your Thoughts:

Ashton
7 months ago
That's a valid point, Option C does offer a proactive approach to prevent unauthorized attachment of Elastic IP addresses
upvoted 0 times
...
Nathalie
7 months ago
I prefer option C. It ensures that developer 1AM groups do not have associate-address permissions and includes a scheduled Lambda function for checking
upvoted 0 times
...
Lashawnda
7 months ago
I agree with Using CloudTrail logs to monitor and Lambda function to disassociate the Elastic IP address seems efficient
upvoted 0 times
...
Ashton
7 months ago
I think option A is the best approach as it involves using CloudTrail logs and Lambda function to automate the task
upvoted 0 times
...
Maricela
8 months ago
We can create a custom rule in AWS Config to monitor for that and alert the security team.
upvoted 0 times
...
Cordie
8 months ago
What about checking if an IP address is associated with a production instance?
upvoted 0 times
...
Maricela
8 months ago
We could attach an 1AM policy to the developers' group to prevent them from attaching IP addresses.
upvoted 0 times
...
Cordie
8 months ago
That sounds good. What about using 1AM policies to deny associate-address permissions?
upvoted 0 times
...
Maricela
8 months ago
We can use Amazon Athena to query CloudTrail logs and create a Lambda function to disassociate the IP address.
upvoted 0 times
Dick
8 months ago
D) Create an AWS Config rule to check that all production instances have EC2 1AM roles that include deny associate-address permissions Verify whether there is an Elastic IP address associated with any instance, and alert the security team if an instance has an Elastic IP address associated with it.
upvoted 0 times
...
Sommer
8 months ago
C) Ensure that all 1AM groups associated with developers do not have associate-address permissions. Create a scheduled AWS Lambda function to check whether an Elastic IP address is associated with any instance tagged as production, and alert the secunty team if an instance has an Elastic IP address associated with it.
upvoted 0 times
...
Natalya
8 months ago
B) Attach an 1AM policy to the developers' 1AM group to deny associate-address permissions Create a custom AWS Config rule to check whether an Elastic IP address is associated with any instance tagged as production, and alert the security team.
upvoted 0 times
...
Stanford
8 months ago
A) Use Amazon Athena to query AWS CloudTrail logs to check for any associate-address attempts Create an AWS Lambda function to disassociate the Elastic IP address from the instance, and alert the security team.
upvoted 0 times
...
...
Cordie
8 months ago
How can we automate the task of preventing developers from attaching Elastic IP addresses to production instances?
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77