Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Amazon Exam DOP-C01 Topic 12 Question 88 Discussion

Actual exam question for Amazon's DOP-C01 exam
Question #: 88
Topic #: 12
[All DOP-C01 Questions]

A company requires its internal business teams to launch resources through pre-approved AWS CloudFormation templates only. The security team requires automated monitoring when resources drift from their expected state.

Which strategy should be used to meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Sylvia at Mar 15, 2024, 05:57 PM

Limited Time Offer

25%

Off

Get Premium DOP-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Cherrie
1 years ago
That's true, Tayna. AWS Config rules could provide additional benefits for monitoring.
upvoted 0 times
...
Tayna
1 years ago
I think option B might also work well. AWS Config rules can be really powerful for monitoring resource drift.
upvoted 0 times
...
Mari
1 years ago
I agree with Cherrie. Option A seems like the most straightforward solution for this scenario.
upvoted 0 times
...
Cherrie
1 years ago
I think option A is the best choice. Using CloudFormation drift detection would be really helpful.
upvoted 0 times
...
Salome
1 years ago
That's true, but I still think option A is more efficient for this scenario.
upvoted 0 times
...
Corazon
1 years ago
But what about option B? Using AWS Config rules could provide more detailed monitoring.
upvoted 0 times
...
Rossana
1 years ago
I agree, option A seems to be the most straightforward way to meet both requirements.
upvoted 0 times
...
Salome
1 years ago
I think option A is the best choice because it allows users to deploy through CloudFormation and uses drift detection.
upvoted 0 times
...
Mee
1 years ago
Ooh, good catch! I'd say the template constraint is probably the way to go, since it allows you to enforce the use of a specific CloudFormation template. That way, you know the resources are being deployed exactly as expected.
upvoted 0 times
...
Valentin
1 years ago
Yeah, those options definitely seem like the way to go. I'm curious about the difference between using a launch constraint versus a template constraint though. Gotta make sure we're picking the right one.
upvoted 0 times
Sherill
1 years ago
A) Allow users to deploy Cloud Formation stacks using a CloudFormation service role only. Use CloudFormation drift detection to detect when resources have drifted from their expected state.
upvoted 0 times
...
Vallie
1 years ago
That makes sense. A template constraint would probably ensure a more standardized deployment across the company.
upvoted 0 times
...
Stephaine
1 years ago
D) Allow users to deploy CloudFormation stacks using AWS Service Catalog only Enforce the use of a template constraint Use Amazon EventBridge (Amazon CloudWatch Events) notifications to detect when resources have drifted from their expected state.
upvoted 0 times
...
Kelvin
1 years ago
I think using a launch constraint would restrict the choice of templates users can pick, while a template constraint would enforce the structure of the selected template.
upvoted 0 times
...
Ressie
1 years ago
C) Allow users to deploy CloudFormation stacks using AWS Service Catalog only Enforce the use of a launch constraint Use AWS Config rules to detect when resources have drifted from their expected state.
upvoted 0 times
...
Chan
1 years ago
B) Allow users to deploy CloudFormation stacks using a CloudFormation service role only. Use AWS Config rules to detect when resources have drifted from their expected state.
upvoted 0 times
...
Delsie
1 years ago
A) Allow users to deploy Cloud Formation stacks using a CloudFormation service role only. Use CloudFormation drift detection to detect when resources have drifted from their expected state.
upvoted 0 times
...
...
Denae
1 years ago
Exactly! And the use of AWS Config rules or Amazon EventBridge notifications to detect drift is a nice touch. Covers all the bases.
upvoted 0 times
...
Nieves
1 years ago
Haha, nice try, but I don't think the security team is going to go for that. They're pretty serious about this stuff, you know? Better to play by the rules and avoid any unwanted surprises down the line.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77