You have a project that needs an AMI to pre-install several applications. You search for the AWS Marketplace and find a public AMI that can meet your needs. However, you are unsure if it is secure to use the AMI. For example, it may contain pre-installed public SSH keys that may allow unwanted third-party access. Which actions would you perform to prevent this?

Answer options:

A.Log in as the ec2-user and search for all the authorized_keys files. Delete any unauthorized private SSH keys.
B.Identify unauthorized public SSH keys by locating all authorized_keys files on disk. Remove any unrecognized keys.
C.Log in as the root user and check if the file in /root/.ssh/authorized_keys contains unknown public SSH keys. Disable any unrecognized keys in the file.
D.Global search the SSH private keys in the disk by checking all the PEM files. Delete the unknown keys.

Correct Answer – B
About how to share and use public AMIs in a secure manner, check the reference in
https://aws.amazon.com/articles/how-to-share-and-use-public-amis-in-a-secure-manner/.
Option A is incorrect: Because the root user should be used to locate all authorized_keys files.
Option B is CORRECT: The below command is an example to locate all authorized_keys files in the disk: find / -name "authorized_keys" -print -exec cat {} \;
Option C is incorrect: Because public SSH keys are not guaranteed to be in the /root/.ssh/authorized_keys file.
Option D is incorrect: Because SSH public keys are not within the PEM files. PEM files contain SSH private keys instead of public keys. In this question, we should search for the public keys in authorized_keys files.