ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SysOps Administrator - Associate All Questions

View all questions & answers for the AWS Certified SysOps Administrator - Associate exam
Go to Exam

Exam AWS Certified SysOps Administrator - Associate topic 1 question 478 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 478
Topic #: 1
[All AWS Certified SysOps Administrator - Associate Questions]

A SysOps administrator must ensure that all of a company's current and future Amazon S3 buckets have logging enabled. If an S3 bucket does not have logging enabled, an automated process must enable logging for the S3 bucket.

Which solution will meet these requirements?

  • A. Use AWS Trusted Advisor to perform a check for S3 buckets that do not have logging enabled. Configure the check to enable logging for S3 buckets that do not have logging enabled.
  • B. Configure an S3 bucket policy that requires all current and future S3 buckets to have logging enabled.
  • C. Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses an AWS Lambda function to enable logging.
  • D. Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses the AWS-ConfigureS3BucketLogging AWS Systems Manager Automation runbook to enable logging.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Aamee at Oct. 29, 2024, 8:46 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Ramdi1
1 day, 8 hours ago
Selected Answer: D
To automate compliance for S3 bucket logging, AWS provides a well-integrated solution through: AWS Config managed rules – such as s3-bucket-logging-enabled – to detect non-compliant S3 buckets (i.e., those without logging enabled). Automatic remediation using AWS Systems Manager Automation runbooks – in this case, AWS-ConfigureS3BucketLogging – to enable logging when a bucket is found to be non-compliant. This solution ensures: Continuous monitoring of both current and newly created buckets. Automatic enforcement of the policy without manual intervention.
upvoted 1 times
...
igor12ghsj577
4 months, 3 weeks ago
Selected Answer: D
prebuilt AWS Systems Manager Automation runbook (AWS-ConfigureS3BucketLogging)
upvoted 3 times
...
numark
4 months, 3 weeks ago
S3 is not a system... Answer is C and ChatGPT agress>>>To ensure that all current and future Amazon S3 buckets have logging enabled, and to automatically enable logging for any S3 bucket that does not have it configured, the SysOps administrator can use AWS Config with AWS Lambda to automate this process.
upvoted 1 times
numark
4 months, 1 week ago
D This solution meets the requirements by ensuring all current and future S3 buckets have logging enabled, and if any do not, it enables logging through an automated process without the need for writing custom scripts by using Lambda.
upvoted 1 times
...
...
Aamee
5 months, 2 weeks ago
Selected Answer: D
Since it's been specifically asked about an automated method to enable for existing and future buckets so that's why Config Rule for automated detection and Systems Manager Automation Runbook for automated enabling makes a perfect combination via option D IMO.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago