Topic 1 Question 224

AWS Certified Security - Specialty

Topic 1 Question 224
A company uses AWS Config rules to identify Amazon S3 buckets that are not compliant with the company’s data protection policy. The S3 buckets are hosted in several AWS Regions and several AWS accounts. The accounts are in an organization in AWS Organizations.

The company needs a solution to remediate the organization’s existing noncompliant S3 buckets and any noncompliant S3 buckets that are created in the future.

Which solution will meet these requirements?
- Deploy an AWS Config aggregator with organization-wide resource data aggregation. Create an AWS Lambda function that responds to AWS Config findings of noncompliant S3 buckets by deleting or reconfiguring the S3 buckets.
- Deploy an AWS Config aggregator with organization-wide resource data aggregation. Create an SCP that contains a Deny statement that prevents the creation of new noncompliant S3 buckets. Apply the SCP to all OUs in the organization.
- Deploy an AWS Config aggregator that scopes only the accounts and Regions that the company currently uses. Create an AWS Lambda function that responds to AWS Config findings of noncompliant S3 buckets by deleting or reconfiguring the S3 buckets.
- Deploy an AWS Config aggregator that scopes only the accounts and Regions that the company currently uses. Create an SCP that contains a Deny statement that prevents the creation of new noncompliant S3 buckets. Apply the SCP to all OUs in the organization.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: A
  AWS Config Aggregator: This allows you to aggregate AWS Config data from multiple accounts and Regions into a single account, providing a comprehensive view of compliance status across the organization. AWS Lambda Function: By creating a Lambda function that responds to noncompliant findings, you can automate the remediation process. This function can be configured to either delete or reconfigure noncompliant S3 buckets, ensuring they meet the company's data protection policy. This approach ensures that both existing and future noncompliant S3 buckets are addressed automatically, maintaining compliance across the organization.
  
  👍 1
  Pmktechno2024/12/29
- 正解だと思う選択肢: B
  Seems like B as full AWS organisation.
  
  👍 1
  Bachhu2025/01/03
- 正解だと思う選択肢: A
  SCPs only prevent future violations but do not remediate existing noncompliant S3 buckets. The requirement includes fixing already existing noncompliant S3 buckets, which SCPs alone cannot address.
  
  👍 1
  Pat95952025/02/01
シャッフルモード

ユーザの投票

コメント(3)