Home › Forums › AWS › AWS Certified Cloud Practitioner › Confused about the answer
-
Confused about the answer
-
Hello,
For the question below, I guess the answer should be IAM to control who can access the aws resources to ensure only authorized users have the correct answers.the other options are also important for overall security but not focus on access control. So the answer Infrastructure Protection is irrelevant.
Please can you elaborate more why Infrastructure Protection is your answer.
Thank you and have a good day!
40. Question
Category: CCP – Cloud Concepts
A startup wants to move its on-premises infrastructure to AWS. The IT Security team wants to protect all of the applications against unintended and unauthorized access as well as potential vulnerabilities.
Which of the following capability of AWS CAF’s Security perspective would be most relevant to address this concern?
-
Identity and Access Management
-
Data Protection
-
Threat Detection
-
Infrastructure Protection
-
-
Hello Radouane,
Thank you for your message and thoughtful feedback!
I understand that you are emphasizing the importance of Identity and Access Management (IAM) in controlling access to AWS resources. While IAM is crucial for allowing only authorized users to access specific resources, the main focus in this scenario is to protect applications from vulnerabilities and unintended access.
The Infrastructure Protection capability within the AWS CAF Security perspective is extensive. It encompasses the protection of cloud infrastructure, including application security through measures such as firewalls, security groups, and network segmentation. These protective controls help to secure applications against unauthorized access and potential vulnerabilities. This directly aligns with the IT Security team’s concerns regarding securing the entire infrastructure and preventing attacks.
IAM, though important for managing access control, it does not cover the entire scope of protecting the infrastructure from unauthorized access or mitigating vulnerabilities in the applications themselves.
Hence, Infrastructure Protection is the most relevant answer because it focuses on securing the entire cloud environment, including the applications running on it.
For further reading, you can visit the official AWS documentation here.
I hope this clears up the reasoning behind the answer! Please feel free to reach out if you have any further questions.
Regards,
Nikee @ Tutorials Dojo
Log in to reply.