Topic 1 Question 262
A company needs to retain data that is stored in Amazon CloudWatch Logs log groups. The company must retain this data for 90 days. The company must receive notification in AWS Security Hub when log group retention is not compliant with this requirement.
Which solution will provide the appropriate notification?
Create a Security Hub custom action to assess the log group retention period.
Create a data protection policy in CloudWatch Logs to assess the log group retention period.
Create a Security Hub automation rule. Configure the automation rule to assess the log group retention period.
Use the AWS Config managed rule that assesses the log group retention period. Ensure that AWS Config integration is enabled in Security Hub.
ユーザの投票
コメント(1)
- 正解だと思う選択肢: D
AWS Config Managed Rule: AWS Config provides a managed rule specifically for assessing the retention period of CloudWatch Logs log groups. This rule will automatically evaluate whether log groups comply with the specified retention period (in this case, 90 days).
Integration with Security Hub: By enabling AWS Config integration with Security Hub, non-compliant configurations identified by AWS Config can trigger notifications in Security Hub.
This ensures that any deviations from the retention policy are promptly reported.
👍 2IPLogic2024/12/05
シャッフルモード