exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 166 discussion

A security administrator has enabled AWS Security Hub for all the AWS accounts in an organization in AWS Organizations. The security team wants near-real-time response and remediation for deployed AWS resources that do not meet security standards. All changes must be centrally logged for auditing purposes.

The organization has reached the quotas for the number of SCPs attached to an OU and SCP document size. The team wants to avoid making any changes to any of the SCPs. The solution must maximize scalability and cost-effectiveness.

Which combination of actions should the security administrator take to meet these requirements? (Choose three.)

  • A. Create an AWS Config custom rule to detect configuration changes to AWS resources. Create an AWS Lambda function to remediate the AWS resources in the delegated administrator AWS account.
  • B. Use AWS Systems Manager Change Manager to track configuration changes to AWS resources. Create a Systems Manager document to remediate the AWS resources in the delegated administrator AWS account.
  • C. Create a Security Hub custom action to reference in an Amazon EventBridge event rule in the delegated administrator AWS account.
  • D. Create an Amazon EventBridge event rule to Invoke an AWS Lambda function that will take action on AWS resources.
  • E. Create an Amazon EventBridge event rule to invoke an AWS Lambda function that will evaluate AWS resource configuration for a set of API requests and create a finding for noncompllant AWS resources.
  • F. Create an Amazon EventBridge event rule to invoke an AWS Lambda function on a schedule to assess specific AWS Config rules.
Show Suggested Answer Hide Answer
Suggested Answer: ACD 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
adit
Highly Voted 5 months ago
Selected Answer: ACD
acd are correct answer
upvoted 7 times
...
aescudero51
Highly Voted 6 months ago
Selected Answer: ADE
My answer is A. Create an AWS Config custom rule to detect configuration changes to AWS resources. Create an AWS Lambda function to remediate the AWS resources in the delegated administrator AWS account. My answer is D. Create an Amazon EventBridge event rule to Invoke an AWS Lambda function that will take action on AWS resources. My answer is E. Create an Amazon EventBridge event rule to invoke an AWS Lambda function that will evaluate AWS resource configuration for a set of API requests and create a finding for noncompllant AWS resources.
upvoted 5 times
...
IPLogic
Most Recent 1 day, 23 hours ago
Selected Answer: ACD
Option A: Creating an AWS Config custom rule and a Lambda function for remediation is a good choice for detecting and responding to configuration changes. Option D: Using an EventBridge event rule to invoke a Lambda function is also a good choice for taking action on AWS resources based on events. Option E: While creating an EventBridge event rule to evaluate AWS resource configuration and create findings for non-compliant resources is useful, it does not directly address the need for near-real-time remediation. It focuses more on evaluation and logging rather than immediate action. By including Option C (Security Hub custom action), you ensure that Security Hub findings can trigger EventBridge rules, which then invoke Lambda functions for remediation. This creates a more integrated and automated response system, aligning with the requirement for near-real-time response and remediatio
upvoted 1 times
...
723993f
1 week, 3 days ago
(A) for config rule creation which is the main detection of config change, this will generate a SecurityHub finding as mentioned in the question to be already enabled. (C) Security hub can invoke event bridge. (D) eventbridge can invoke lambda at which point we can do anything
upvoted 1 times
...
VerRi
3 months, 1 week ago
Selected Answer: ACD
I will go for ACD
upvoted 3 times
...
nischal77777
3 months, 2 weeks ago
Selected Answer: ADE
ADE is most correct answer
upvoted 1 times
...
sema2232
5 months, 2 weeks ago
CDE are correct answers
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...