A manager informs the SOC that one or more RDS instances have been compromised and the SOC needs to make sure production RDS instances are NOT publicly accessible.
Which action should the SOC take to follow security best practices?
To ensure that production RDS instances are not publicly accessible, the SOC should enable the 'AWS RDS database instance is publicly accessible' policy and add it to an auto-remediation alert rule. This approach ensures continuous and automated enforcement of the policy, preventing any RDS instances from becoming publicly accessible and addressing potential security risks promptly without manual intervention.
D https://live.paloaltonetworks.com/t5/prisma-cloud-articles/prisma-cloud-release-notes-for-july-14-2020/ta-p/340499
B - D answer doesn't say anything about production environment. True that D includes all environments, meaning it includes production, but you're doing more than required, causing issues in other environments.
D --> To enable automated remediation, identify the set of policies that you want to remediate automatically and verify that Prisma Cloud has the required permissions in the associated cloud environments. Then Create an Alert Rule for Run-Time Checks that enables automated remediation for the set of policies you identified.
D https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/configure-prisma-cloud-to-automatically-remediate-alerts
D. Enable “AWS RDS database instance is publicly accessible” policy and add policy to an auto-remediation alert rule.