Amazon Exam SCS-C01 Topic 1 Question 51 Discussion

Actual exam question for Amazon's SCS-C01 exam

Question #: 51
Topic #: 1

A company is implementing new compliance requirements to meet customer needs. According to the new requirements the company must not use any Amazon RDS DB instances or DB clusters that lack encryption of the underlying storage. The company needs a solution that will generate an email alert when an unencrypted DB instance or DB cluster is created. The solution also must terminate the unencrypted DB instance or DB cluster.

Which solution will meet these requirements in the MOST operationally efficient manner?

ACreate an AWS Config managed rule to detect unencrypted ROS storage. Configure an automatic remediation action to publish messages to an Amazon Simple Notification Service (Amazon SNS) topic that includes an AWS Lambda function and an email delivery target as subscribers. Configure the Lambda function to delete the unencrypted resource.

BCreate an AWS Config managed rule to detect unencrypted RDS storage. Configure a manual remediation action to invoke an AWS Lambda function. Configure the Lambda function to publish messages to an Amazon Simple Notification Service (Amazon SNS) topic and to delete the unencrypted resource.

CCreate an Amazon EventBridge rule that evaluates RDS event patterns and is initiated by the creation of DB instances or DB clusters Configure the rule to publish messages to an Amazon Simple Notification Service (Amazon SNS) topic that includes an AWS Lambda function and an email delivery target as subscribers. Configure the Lambda function to delete the unencrypted resource.

DCreate an Amazon EventBridge rule that evaluates RDS event patterns and is initiated by the creation of DB instances or DB clusters. Configure the rule to invoke an AWS Lambda function. Configure the Lambda function to publish messages to an Amazon Simple Notification Service (Amazon SNS) topic and to delete the unencrypted resource.

Show Suggested Answer

Suggested Answer: A

https://docs.aws.amazon.com/config/latest/developerguide/rds-storage-encrypted.html

by Albina at Dec 14, 2023, 11:50 PM

Limited Time Offer

25%

Off

Get Premium SCS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lenna

23 days ago

Hmm, good points. I'm kinda leaning towards option D though. The manual remediation in option B seems a bit risky, since you could forget to actually fix the issue. With option D, the Lambda function can handle both the notification and the deletion, so it's a more complete automated solution.

upvoted 0 times

...

Vincenza

24 days ago

Haha, yeah, seriously. Maybe they're just trying to keep the legacy systems alive, you know, for that one client that refuses to upgrade. 'If it ain't broke, don't fix it,' am I right?

upvoted 0 times

...

27 days ago

Agreed, option D seems to be the way to go. Though I do have to wonder, what kind of *unencrypted* RDS instances are they even creating these days? Aren't those basically dinosaurs at this point?

upvoted 0 times

...