How can you identify Amazon EC2 instances that have been tagged as "Private" using Prisma Cloud Enterprise?

• A. Open the Asset Dashboard, filter on tags, and choose "Private"
• B. Create an RQL config query to identify resources with the tag "Private"
• C. Generate a CIS compliance report and renew the "Asset Summary"
• D. Create an RQL network query to identify traffic from resources tagged "Private"

Answer: (B)

Using RQL (Resource Query Language) to create a config query is the most effective way to identify Amazon EC2 instances that have been tagged as "Private." RQL allows for precise filtering of resources based on their tags, enabling users to craft specific queries to target resources that meet certain criteria, such as having a particular tag value.

By utilizing a config query, you can directly specify the tag "Private" and retrieve all instances that match this condition across your AWS account. This method is efficient because it allows for detailed queries that can be tailored to exactly what you need, ensuring that you can accurately identify those instances without wading through irrelevant data.

In contrast, filtering through the Asset Dashboard may not provide the same level of specificity or comprehensive insights, especially if there are many other assets present that do not have the "Private" tag. Generating a CIS compliance report typically focuses on overall security policies and compliance, rather than specific resource tagging. Lastly, creating a network query may address traffic concerns but would not directly identify the instances themselves based on their tags.