Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 224 discussion

A company uses AWS Config rules to identify Amazon S3 buckets that are not compliant with the company’s data protection policy. The S3 buckets are hosted in several AWS Regions and several AWS accounts. The accounts are in an organization in AWS Organizations.

The company needs a solution to remediate the organization’s existing noncompliant S3 buckets and any noncompliant S3 buckets that are created in the future.

Which solution will meet these requirements?

  • A. Deploy an AWS Config aggregator with organization-wide resource data aggregation. Create an AWS Lambda function that responds to AWS Config findings of noncompliant S3 buckets by deleting or reconfiguring the S3 buckets.
  • B. Deploy an AWS Config aggregator with organization-wide resource data aggregation. Create an SCP that contains a Deny statement that prevents the creation of new noncompliant S3 buckets. Apply the SCP to all OUs in the organization.
  • C. Deploy an AWS Config aggregator that scopes only the accounts and Regions that the company currently uses. Create an AWS Lambda function that responds to AWS Config findings of noncompliant S3 buckets by deleting or reconfiguring the S3 buckets.
  • D. Deploy an AWS Config aggregator that scopes only the accounts and Regions that the company currently uses. Create an SCP that contains a Deny statement that prevents the creation of new noncompliant S3 buckets. Apply the SCP to all OUs in the organization.
Suggested Answer: A

Comments

Pat9595
5 days, 2 hours ago
Selected Answer: A
SCPs only prevent future violations but do not remediate existing noncompliant S3 buckets. The requirement includes fixing already existing noncompliant S3 buckets, which SCPs alone cannot address.
upvoted 1 times
Bachhu
1 month ago
Selected Answer: B
Seems like B as full AWS organisation.
upvoted 1 times
Bachhu
4 weeks, 1 day ago
It’s A
upvoted 1 times
Pmktechno
1 month, 1 week ago
Selected Answer: A
AWS Config Aggregator: This allows you to aggregate AWS Config data from multiple accounts and Regions into a single account, providing a comprehensive view of compliance status across the organization. AWS Lambda Function: By creating a Lambda function that responds to noncompliant findings, you can automate the remediation process. This function can be configured to either delete or reconfigure noncompliant S3 buckets, ensuring they meet the company's data protection policy. This approach ensures that both existing and future noncompliant S3 buckets are addressed automatically, maintaining compliance across the organization.
upvoted 1 times
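
A sketch of the Lambda side of option A, added here as an example and not taken from the thread or from AWS. It assumes the function is invoked with an EventBridge "Config Rules Compliance Change" event, that the data protection policy means S3 Block Public Access must be enabled, and that a role named `ConfigS3RemediationRole` (hypothetical) exists in every member account.

```python
# Constructed sample event in the shape EventBridge delivers for AWS Config.
SAMPLE_EVENT = {
    "detail-type": "Config Rules Compliance Change",
    "detail": {
        "resourceType": "AWS::S3::Bucket",
        "resourceId": "example-noncompliant-bucket",  # bucket name (constructed)
        "awsAccountId": "111122223333",
        "awsRegion": "eu-west-1",
        "newEvaluationResult": {"complianceType": "NON_COMPLIANT"},
    },
}
# Assumption: "compliant" here means all four Block Public Access settings are on.
BLOCK_ALL = {k: True for k in ("BlockPublicAcls", "IgnorePublicAcls",
                               "BlockPublicPolicy", "RestrictPublicBuckets")}
REMEDIATION_ROLE = "ConfigS3RemediationRole"  # hypothetical role in each member account


def s3_client_for(account_id, region):
    """Assume the remediation role in the bucket's own account and Region."""
    import boto3  # lazy import: the event filtering below can be tested offline
    creds = boto3.client("sts").assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{REMEDIATION_ROLE}",
        RoleSessionName="config-s3-remediation",
    )["Credentials"]
    return boto3.client("s3", region_name=region,
                        aws_access_key_id=creds["AccessKeyId"],
                        aws_secret_access_key=creds["SecretAccessKey"],
                        aws_session_token=creds["SessionToken"])


def handler(event, context=None, client_factory=s3_client_for):
    """Reconfigure a bucket only when Config reports it NON_COMPLIANT."""
    detail = event.get("detail", {})
    verdict = detail.get("newEvaluationResult", {}).get("complianceType")
    if (event.get("detail-type") != "Config Rules Compliance Change"
            or detail.get("resourceType") != "AWS::S3::Bucket"
            or verdict != "NON_COMPLIANT"):
        return {"action": "ignored"}  # e.g. COMPLIANT transitions, other resource types
    bucket, account = detail["resourceId"], detail["awsAccountId"]
    s3 = client_factory(account, detail["awsRegion"])
    # Reconfigure rather than delete: idempotent and non-destructive.
    s3.put_public_access_block(Bucket=bucket, PublicAccessBlockConfiguration=BLOCK_ALL)
    return {"action": "remediated", "bucket": bucket, "account": account}
```

The remediation role needs only `s3:PutBucketPublicAccessBlock` on the buckets it may touch, and its trust policy should name only the Lambda's execution role.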