ExpertHard1 markMultiple Choice
AWS SAP-C02 · Question 36 · Domain 3.2: Security Improvement
An organization is implementing a continuous compliance strategy. They need to ensure that all EBS volumes are encrypted, all S3 buckets block public access, SSH is not open to the world, and any non-compliant resources are automatically remediated. Which FOUR AWS services or features are required? (Select FOUR)
An organization is implementing a continuous compliance strategy. They need to ensure that all EBS volumes are encrypted, all S3 buckets block public access, SSH is not open to the world, and any non-compliant resources are automatically remediated. Which FOUR AWS services or features are required? (Select FOUR)
Answer options:
A.
Amazon GuardDuty
B.
AWS Config
C.
AWS CloudTrail
D.
AWS Config Rules
E.
AWS WAF
F.
AWS Systems Manager Automation
G.
AWS Secrets Manager
H.
AWS Security Hub
How to approach this question
Identify the AWS continuous compliance and remediation stack.
Full Answer
AWS Config records state. Config Rules evaluate compliance. Systems Manager Automation executes remediation. Security Hub aggregates these findings and provides standardized compliance frameworks.
Common mistakes
Selecting GuardDuty for configuration compliance.
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 2
75 questions · hints · full answers · grading
More questions from this exam
Q01A company is setting up a multi-account AWS environment using AWS Organizations. They need to ens...EasyQ02An enterprise needs to connect its on-premises data center to AWS. They require a dedicated, priv...EasyQ03A company wants to share a single AWS Transit Gateway across multiple AWS accounts within their A...EasyQ04An architect needs to design a highly available database architecture that spans multiple AWS Reg...EasyQ05A global financial institution is migrating its core banking application to AWS. The application ...Medium