Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 189 discussion

A company needs to ensure that flow logs remain configured for all existing and new VPCs in its AWS account. The company uses an AWS CloudFormation stack to manage its VPCs. The company needs a solution that will work for any VPCs that any IAM user creates.

Which solution will meet these requirements?

  • A. Add the AWS::EC2::FlowLog resource to the CloudFormation stack that creates the VPCs.
  • B. Create an organization in AWS Organizations. Add the company's AWS account to the organization. Create an SCP to prevent users from modifying VPC flow logs.
  • C. Turn on AWS Config. Create an AWS Config rule to check whether VPC flow logs are turned on. Configure automatic remediation to turn on VPC flow logs.
  • D. Create an IAM policy to deny the use of API calls for VPC flow logs. Attach the IAM policy to all IAM users.
Suggested Answer: C

Comments

thanhnv142
Highly Voted 8 months, 2 weeks ago
Selected Answer: C
C is correct: This will monitor and remediate all existing and new VPCs.
A: AWS::EC2::FlowLog: This is used to configure flow log, not monitor it.
B: SCP won't address existing VPCs.
D: IAM policy has nothing to do here.
upvoted 6 times
...
dkp
Most Recent 6 months, 2 weeks ago
Selected Answer: C
Option C is correct.
upvoted 2 times
...
d262e67
9 months, 4 weeks ago
Selected Answer: C
SCPs only prevent people from changing the VPC flow log configuration. It doesn't ensure it's on.
upvoted 4 times
...
ozansenturk
9 months, 4 weeks ago
Selected Answer: B
Both AWS Config and SCP work; however, SCP is more preventive compared to proactive AWS Config. Therefore, I opted for B.
upvoted 1 times
...
kabary
9 months, 4 weeks ago
Selected Answer: C
Answer is C.
upvoted 2 times
...
csG13
10 months ago
Selected Answer: C
It's C; here is a reference on how to do it: https://aws.amazon.com/blogs/mt/how-to-enable-vpc-flow-logs-automatically-using-aws-config-rules/
upvoted 3 times
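
The check-then-remediate loop behind option C, as an added example that is not part of the original discussion and is not AWS's or any commenter's code. It runs offline on constructed data shaped like EC2 DescribeVpcs / DescribeFlowLogs output; the function names, the optional traffic-type strictness and the bucket ARN placeholder are assumptions of this sketch.

```python
# Constructed inventory; IDs and tags are made up for the example.
VPCS = [
    {"VpcId": "vpc-0aaa", "Tags": [{"Key": "aws:cloudformation:stack-name", "Value": "network"}]},
    {"VpcId": "vpc-0bbb", "Tags": []},  # created by an IAM user outside the stack
    {"VpcId": "vpc-0ccc", "Tags": []},  # has a flow log, but only for REJECT traffic
]
FLOW_LOGS = [
    {"FlowLogId": "fl-01", "ResourceId": "vpc-0aaa", "FlowLogStatus": "ACTIVE", "TrafficType": "ALL"},
    {"FlowLogId": "fl-02", "ResourceId": "vpc-0ccc", "FlowLogStatus": "ACTIVE", "TrafficType": "REJECT"},
]
PLACEHOLDER_BUCKET_ARN = "arn:aws:s3:::EXAMPLE-FLOW-LOG-BUCKET"  # placeholder, not a real bucket


def evaluate(vpcs, flow_logs, traffic_type=None):
    """Return {VpcId: 'COMPLIANT' | 'NON_COMPLIANT'} for every VPC, whoever created it."""
    covered = set()
    for fl in flow_logs:
        if fl["FlowLogStatus"] != "ACTIVE":
            continue  # a flow log that is not active does not count
        if traffic_type and fl["TrafficType"] != traffic_type:
            continue  # optional strictness chosen for this example
        covered.add(fl["ResourceId"])
    return {v["VpcId"]: "COMPLIANT" if v["VpcId"] in covered else "NON_COMPLIANT"
            for v in vpcs}


def remediation_requests(results, log_destination_arn, traffic_type="ALL"):
    """Build one CreateFlowLogs-style request per NON_COMPLIANT VPC; nothing is sent."""
    return [
        {"ResourceIds": [vpc_id], "ResourceType": "VPC", "TrafficType": traffic_type,
         "LogDestinationType": "s3", "LogDestination": log_destination_arn}
        for vpc_id, status in sorted(results.items()) if status == "NON_COMPLIANT"
    ]


def apply_simulated(requests, flow_logs):
    """Stand-in for the remediation action: the flow-log list after the requests run."""
    created = [{"FlowLogId": f"fl-sim-{i}", "ResourceId": r["ResourceIds"][0],
                "FlowLogStatus": "ACTIVE", "TrafficType": r["TrafficType"]}
               for i, r in enumerate(requests)]
    return flow_logs + created


if __name__ == "__main__":
    results = evaluate(VPCS, FLOW_LOGS)
    fixes = remediation_requests(results, PLACEHOLDER_BUCKET_ARN)
    print(results, fixes, evaluate(VPCS, apply_simulated(fixes, FLOW_LOGS)), sep="\n")
```

The VPC created outside the CloudFormation stack is the one option A never sees; the evaluation flags it regardless of who created it, and the follow-up evaluation after the simulated remediation reports every VPC as compliant.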