A workload has been moved from a data center to AWS. Previously, vulnerability scans were performed nightly by an external testing company. There is a mandate to continue the vulnerability scans in the AWS environment with third-party testing occurring at least once each month.
What solution allows the vulnerability scans to continue without violating the AWS Acceptable Use Policy?
A. The existing nightly scan can continue with a few changes. The external testing company must be notified of the new IP address of the workload and the security group of the workload must be modified to allow scans from the external company’s IP range.
B. If the external company is a vendor in the AWS Marketplace, notify them of the new IP address of the workload.
C. Submit a penetration testing request every 90 days and have the external company test externally when the request is approved.
D. AWS performs vulnerability testing behind the scenes daily and patches instances as needed. If a vulnerability cannot be automatically addressed, a notification email is distributed.
What solution allows the vulnerability scans to continue without violating the AWS Acceptable Use Policy?
A. The existing nightly scan can continue with a few changes. The external testing company must be notified of the new IP address of the workload and the security group of the workload must be modified to allow scans from the external company’s IP range.
B. If the external company is a vendor in the AWS Marketplace, notify them of the new IP address of the workload.
C. Submit a penetration testing request every 90 days and have the external company test externally when the request is approved.
D. AWS performs vulnerability testing behind the scenes daily and patches instances as needed. If a vulnerability cannot be automatically addressed, a notification email is distributed.