Examtopics

AWS Certified Security - Specialty

  • Topic 1 Question 166

    A security administrator has enabled AWS Security Hub for all the AWS accounts in an organization in AWS Organizations. The security team wants near-real-time response and remediation for deployed AWS resources that do not meet security standards. All changes must be centrally logged for auditing purposes.

    The organization has reached the quotas for the number of SCPs attached to an OU and SCP document size. The team wants to avoid making any changes to any of the SCPs. The solution must maximize scalability and cost-effectiveness.

    Which combination of actions should the security administrator take to meet these requirements?

    3 つ選択

    • Create an AWS Config custom rule to detect configuration changes to AWS resources. Create an AWS Lambda function to remediate the AWS resources in the delegated administrator AWS account.

    • Use AWS Systems Manager Change Manager to track configuration changes to AWS resources. Create a Systems Manager document to remediate the AWS resources in the delegated administrator AWS account.

    • Create a Security Hub custom action to reference in an Amazon EventBridge event rule in the delegated administrator AWS account.

    • Create an Amazon EventBridge event rule to Invoke an AWS Lambda function that will take action on AWS resources.

    • Create an Amazon EventBridge event rule to invoke an AWS Lambda function that will evaluate AWS resource configuration for a set of API requests and create a finding for noncompllant AWS resources.

    • Create an Amazon EventBridge event rule to invoke an AWS Lambda function on a schedule to assess specific AWS Config rules.

    シャッフルモード