Security Audit Best Practices

Answer: A.

Option A is CORRECT because a year's time is generally too long a gap for conducting security audits, and it does not meet the AWS recommendations.

Options B, C and D are incorrect as they are the recommended best practices by AWS.

According to the AWS documentation, you should audit your security configuration in the following situations:

On a periodic basis.

If there are changes in your organization, such as people leaving.

If you have stopped using one or more individual AWS services.

This is important for removing permissions that users in your account no longer need.

If you've added or removed software in your accounts, such as applications on Amazon EC2 instances, AWS OpsWorks stacks, AWS CloudFormation templates, etc.

If you ever suspect that an unauthorized person might have accessed your account.

For more information on Security Audit guideline, please visit the below URL:

https://docs.aws.amazon.com/general/latest/gr/aws-security-audit-guide.html

All the options listed are best practices for carrying out a security audit except for one. Let's discuss each option in detail:

A. Conduct an audit on a yearly basis. This option is a best practice for carrying out a security audit. Regularly scheduled audits help ensure that security controls are in place, working correctly, and effective.

B. Conduct an audit if you've added or removed software in your accounts. This option is also a best practice for carrying out a security audit. Adding or removing software can introduce vulnerabilities or impact existing security controls, so it's essential to audit the system after such changes.

C. Conduct an audit if you ever suspect that an unauthorized person might have accessed your account. This option is also a best practice for carrying out a security audit. If there is any suspicion of unauthorized access, it's essential to carry out an audit to identify any potential security breaches and take corrective actions.

D. When there are changes in your organization. This option is not a best practice for carrying out a security audit. Changes in an organization can affect the security of the system, but conducting an audit every time there is a change may not be practical. It's better to have a regular schedule for audits and conduct an audit after significant changes, such as mergers or acquisitions.

In conclusion, the correct answer is D. Conducting an audit every time there are changes in an organization is not a best practice for carrying out a security audit. It's better to have a regular schedule for audits and conduct an audit after significant changes.