Amendment required for Practice Exam 8 #250

Open
rebeus opened this issue Sep 4, 2024 · 4 comments

@rebeus

rebeus commented Sep 4, 2024

Which of the following steps should be taken by a customer when conducting penetration testing on AWS?

A. Conduct penetration testing using Amazon Inspector, and then notify AWS support.
B. Request and wait for approval from the customer’s internal security team, and then conduct testing.
C. Notify AWS support, and then conduct testing immediately.
D. Request and wait for approval from AWS support, and then conduct testing.
Answer
Correct answer: D

Correct answer: B

It should be B because I've read that certain services don't require prior approval from AWS.

@rebeus
Author

rebeus commented Sep 4, 2024

@kananinirav @alessiobennardo what are your thoughts on the above?
Can the answer to the question be updated?

@kananinirav
Owner

@rebeus

According to my understanding, the correct answer is D.

  • AWS has specific policies for penetration testing, which include obtaining approval from AWS itself for certain types of tests on their infrastructure. This is separate from any internal approvals that may be required by the customer’s own security team.
  • AWS requires notification and approval to prevent any confusion between legitimate penetration tests and actual security threats. This also helps AWS monitor and ensure that testing does not adversely affect their services or other customers.
  • Therefore, while internal approval from the customer’s security team might be necessary as part of the customer’s own processes, it is not sufficient on its own. Approval from AWS is mandatory for certain types of penetration testing activities, making D the correct answer.

@rebeus
Author

rebeus commented Sep 14, 2024

@kananinirav - Thanks for that, in that case, the explanation you've provided should be appended to that answer of that question to help others if they are thinking the same way as I initially did.
Could you do that for me please?

@dasari-mohana

dasari-mohana commented Nov 2, 2024

Hello, I believe Option C (Notify AWS support, and then conduct testing immediately) is the right answer.
Please refer to this link, where they clearly mention that you do not need prior approval for penetration testing.

(https://repost.aws/knowledge-center/penetration-testing#:~:text=You%20don%27t%20need%20approval%20from%20AWS%20to%20run%20penetration%20tests%20against%20or%20from%20resources%20on%20your%20AWS%20account)

Correct me if I am wrong.
