Exam AWS-SysOps topic 1 question 599 discussion

shoule be B. (Reactive governance is used to identify improper tags, programmatically using tools such as the Resource Groups Tagging API, AWS Config Rules, and custom scripts, or manually using Tag Editor and detailed billing reports. Proactive governance leverages tools such as AWS CloudFormation, AWS Service Catalog, or IAM resource-level permissions to ensure standardized tags are consistently applied at resource creation. For example, you can use the AWS CloudFormation Resource Tags property to apply tags to certain resource types. In AWS Service Catalog, you can add portfolio and product tags that are combined and applied to a provisioned product automatically when it is launched.)

As the question is asking for enforcement, B seems to be correct

Option B is correct because AWS Service Catalog allows administrators to create and manage catalogs of IT services that are approved for use on AWS. With the TagOptions Library, you can enforce a tagging taxonomy proactively when instances and volumes are launched. This ensures that all resources are tagged at the time of creation, providing real-time enforcement of the tagging strategy.

Option D is a more direct and efficient approach as it allows the Administrator to enforce tagging at the time of resource creation by using the TagResources API action. This ensures that tags are applied immediately and consistently without requiring manual intervention or additional configurations. While options A and B can be used for remediation or enforcing tagging in existing resources, option D is specifically focused on real-time enforcement during resource creation.

B. https://docs.aws.amazon.com/servicecatalog/latest/adminguide/tagoptions.html

B. https://docs.aws.amazon.com/servicecatalog/latest/adminguide/tagoptions.html

Answer is "B". In an organization, we can create default templates for all resources (in the Service Catalog) we can use and can add tagging, logging and other prerequisites well in advance; so any new resource consumed in the organization will have the standard defined by the company.

B. Set up AWS Service Catalog with the TagOptions Library rule that enforces a tagging taxonomy proactively when instances and volumes are launched.

I would go with B

B. Set up AWS Service Catalog with the TagOptions Library rule that enforces a tagging taxonomy proactively when instances and volumes are launched. will be the right answer.

I'll go with B

B. Set up AWS Service Catalog with the TagOptions Library rule that enforces a tagging taxonomy proactively when instances and volumes are launched.

AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application environments. AWS Service Catalog enables a self-service capability for users, allowing them to provision the services they need while also helping you to maintain consistent governance – including the application of required tags and tag values. ANS is B

"real-time enforcement" . I go with B

Should be B After a TagOption is created, you can associate it to a resource from the detail page of that product or portfolio. If multiple TagOptions with the same key and different values are applied to a resource, a user launching that resource sees a list of value options to choose from. Upon launch, the set of administrator-associated and user-selected TagOptions are added as tags to the product.

The question mention real-time, and "manually" updating tags cannot be considered as real-time. Using the service catalog will do it , so B is the answer, though this will only apply to resources provisioned through the service catalog.

B : Is the only good answer! AWS Service Catalog permits it!