Topic 1 Question 93

AWS Certified Security - Specialty

Topic 1 Question 93
A company uses infrastructure as code (IaC) to create AWS infrastructure. The company writes the code as AWS CloudFormation templates to deploy the infrastructure. The company has an existing CI/CD pipeline that the company can use to deploy these templates.

After a recent security audit, the company decides to adopt a policy-as-code approach to improve the company's security posture on AWS. The company must prevent the deployment of any infrastructure that would violate a security policy, such as an unencrypted Amazon Elastic Block Store (Amazon EBS) volume.

Which solution will meet these requirements?
- Turn on AWS Trusted Advisor. Configure security notifications as webhooks in the preferences section of the CI/CD pipeline.
- Turn on AWS Config. Use the prebuilt rules or customized rules. Subscribe tile CI/CD pipeline to an Amazon Simple Notification Service (Amazon SNS) topic that receives notifications from AWS Config.
- Create rule sets in AWS CloudFormation Guard. Run validation checks for CloudFormation templates as a phase of the CI/CD process.
- Create rule sets as SCPs. Integrate the SCPs as a part of validation control in a phase of the CI/CD process.
ユーザの投票
コメント(7)
- 正解だと思う選択肢: C
  C definitely. CFN Guard defined rule sets help in preventing from the derivation of Infrastructure resource security policies..
  
  👍 4
  Aamee2024/05/25
- 正解だと思う選択肢: C
  C for sure
  
  👍 2
  [Removed]2024/05/25
- 正解だと思う選択肢: C
  https://aws.amazon.com/blogs/mt/policy-as-code-for-securing-aws-and-third-party-resource-types/
  
  👍 2
  Daniel762024/06/14
シャッフルモード

ユーザの投票

コメント(7)