An organization is setting up their website on AWS. The organization is working on various security measures to be
performed on the AWS EC2 instances. Which of the below mentioned security mechanisms will not help the organization
to avoid future data leaks and identify security weaknesses?
A.
Perform SQL injection for application testing.
B.
Run penetration testing on AWS with prior approval from Amazon.
C.
Perform a hardening test on the AWS instance.
D.
Perform a Code Check for any memory leaks.
Explanation:
AWS security follows the shared security model where the user is as much responsible as Amazon. Since Amazon is a
public cloud it is bound to be targeted by hackers. If an organization is planning to host their application on AWS EC2,
they should perform the below mentioned security checks as a measure to find any security weakness/data leaks:
Perform penetration testing as performed by attackers to find any vulnerability. The organization must take an approval
from AWS before performing penetration testing Perform hardening testing to find if there are any unnecessary ports
open Perform SQL injection to find any DB security issues.
The code memory checks are generally useful when the organization wants to improve the application performance.
http://aws.amazon.com/security/penetration-testing/
D