Topic 1 Question 64
A company has an organization in AWS Organizations. The company is using AWS Control Tower to deploy a landing zone for the organization. The company wants to implement governance and policy enforcement. The company must implement a policy that will detect Amazon RDS DB instances that are not encrypted at rest in the company’s production OU.
Which solution will meet this requirement?
A. Turn on mandatory guardrails in AWS Control Tower. Apply the mandatory guardrails to the production OU.
B. Enable the appropriate guardrail from the list of strongly recommended guardrails in AWS Control Tower. Apply the guardrail to the production OU.
C. Use AWS Config to create a new mandatory guardrail. Apply the rule to all accounts in the production OU.
D. Create a custom SCP in AWS Control Tower. Apply the SCP to the production OU.
User votes
Comments (8)
- Selected answer: B
The correct answer is B. AWS Control Tower provides a set of "strongly recommended guardrails" that can be enabled to implement governance and policy enforcement. One of these guardrails is "Encrypt Amazon RDS instances" which will detect RDS DB instances that are not encrypted at rest. By enabling this guardrail and applying it to the production OU, the company will be able to enforce encryption for RDS instances in the production environment.
Option A is incorrect because mandatory guardrails are pre-defined by AWS and cannot be customized. Option C is incorrect because AWS Config does not provide mandatory guardrails for RDS instances. Option D is incorrect because AWS Control Tower does not provide a feature called custom SCP (Service Control Policy), it uses guardrails instead.
👍 5 masetromain 2023/01/14
- Selected answer: B
👍 4 pitakk 2023/01/25
- Selected answer: B
Tip - As this detective guardrail is available, the answer is B. But if the guardrail is not available in that predefined list, the answer would be C: https://aws.amazon.com/blogs/mt/aws-control-tower-detective-guardrails-as-an-aws-config-conformance-pack/
👍 3 God_Is_Love 2023/02/28