You have a requirement to conduct penetration testing on the AWS Cloud for a couple of EC2 Instances.
How could you go about doing this? Choose 2 right answers from the options given below.
A . Get prior approval from AWS for conducting the test
B . Use a pre-approved penetration testing tool.
C . Work with an AWS partner and no need for prior approval request from AWS
D . Choose any of the AWS instance type
Answer: A,B
Explanation:
You can use a pre-approved solution from the AWS Marketplace. But till date the AWS Documentation still mentions that you have to get prior approval before conducting a test on the AWS Cloud for EC2 Instances.
Option C and D are invalid because you have to get prior approval first.
AWS Docs Provides following details:
"For performing a penetration test on AWS resources first of all we need to take permission from AWS and complete a requisition form and submit it for approval. The form should contain information about the instances you wish to test identify the expected start and end dates/times of your test and requires you to read and agree to Terms and Conditions specific to penetration testing and to the use of appropriate tools for testing. Note that the end date may not be more than 90 days from the start date." (
At this time, our policy does not permit testing small or micro RDS instance types. Testing of ml .small, t1 .micro or t2.nano EC2 instance types is not permitted.
For more information on penetration testing please visit the following URL:
https://aws.amazon.eom/security/penetration-testine/l
The correct answers are: Get prior approval from AWS for conducting the test Use a pre-approved penetration testing tool. Submit your Feedback/Queries to our Experts