Q43 — AWS SCS-C02 Ch.1


The security engineer is managing a traditional three-tier web application that is running on Amazon EC2 instances. The application has become the target of increasing numbers of malicious attacks from the internet. What steps should the security engineer take to check for known vulnerabilities and limit the attack surface? (Choose two.)

Correct Answer: B. Review the application security groups to ensure that only the necessary ports are open. D. Use Amazon Inspector to periodically scan the backend instances.

Explanation

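The question concerns a three-tier web application running on AWS EC2 that is facing malicious attacks, and asks how to check for vulnerabilities and reduce the attack surface. Option B corresponds to the principle of least privilege: restricting open ports through security groups reduces potential attack entry points, which is a network security fundamental (AWS security best practices). Option D relates to vulnerability assessment: Amazon Inspector is dedicated to automatically scanning instances for security vulnerabilities and compliance issues (AWS documentation: Amazon Inspector features). Options A/E involve encrypting data in transit, which is confidentiality protection and does not directly check for vulnerabilities or shrink the attack surface; the SSL offloading in option C is a performance optimization and is unrelated to protection.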