Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Amazon Exam SCS-C02 Topic 8 Question 25 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 25
Topic #: 8
[All SCS-C02 Questions]

A company uses AWS Organizations to manage a multi-accountAWS environment in a single AWS Region. The organization's management account is named management-01. The company has turned on AWS Config in all accounts in the organization. The company has designated an account named security-01 as the delegated administra-tor for AWS Config.

All accounts report the compliance status of each account's rules to the AWS Config delegated administrator account by using an AWS Config aggregator. Each account administrator can configure and manage the account's own AWS Config rules to handle each account's unique compliance requirements.

A security engineer needs to implement a solution to automatically deploy a set of 10 AWS Config rules to all existing and future AWS accounts in the organiza-tion. The solution must turn on AWS Config automatically during account crea-tion.

Which combination of steps will meet these requirements? (Select TWO.)

Show Suggested Answer Hide Answer
Suggested Answer: D

To ensure minimal latency and regional availability of secrets, encrypting secrets in us-east-1 with a customer-managed KMS key and then replicating them to us-west-1 for encryption with the same key is the optimal approach. This method leverages customer-managed KMS keys for enhanced control and ensures that secrets are available in both regions, adhering to disaster recovery principles and minimizing latency by using regional endpoints.


by Daron at Aug 06, 2024, 06:12 PM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Cecil
10 days ago
I'm just wondering, does the CloudFormation template in D or E have to include the 10 required Config rules, or is that handled separately? I want to make sure I have the right understanding.
upvoted 0 times
...
Delsie
13 days ago
I agree with Jesusita. B and D are the way to go. Deploying the conformance pack from the security-01 account and automating the Config activation makes the most sense.
upvoted 0 times
...
Scarlet
15 days ago
I'm not sure, but maybe we should also consider creating an AWS CloudFormation template in the management-01 account.
upvoted 0 times
...
Salena
16 days ago
I agree with Deandrea. That seems like the best option to automatically deploy the AWS Config rules.
upvoted 0 times
...
Sherita
18 days ago
Hmm, I'm not sure about D. Wouldn't it be better to use the management-01 account to deploy the CloudFormation template and activate AWS Config? That way, it's done from the central management account.
upvoted 0 times
...
Jesusita
20 days ago
I think B and D are the right steps to meet the requirements. Deploying the conformance pack from the security-01 account and using CloudFormation StackSets to activate AWS Config seem like the most efficient approach.
upvoted 0 times
...
Deandrea
21 days ago
I think we should create a conformance pack from the security-01 account.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77