ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 199 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 199
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company is using an organization in AWS Organizations to manage hundreds of AWS accounts. A solutions architect is working on a solution to provide baseline protection for the Open Web Application Security Project (OWASP) top 10 web application vulnerabilities. The solutions architect is using AWS WAF for all existing and new Amazon CloudFront distributions that are deployed within the organization.

Which combination of steps should the solutions architect take to provide the baseline protection? (Choose three.)

  • A. Enable AWS Config in all accounts
  • B. Enable Amazon GuardDuty in all accounts
  • C. Enable all features for the organization
  • D. Use AWS Firewall Manager to deploy AWS WAF rules in all accounts for all CloudFront distributions
  • E. Use AWS Shield Advanced to deploy AWS WAF rules in all accounts for all CloudFront distributions
  • F. Use AWS Security Hub to deploy AWS WAF rules in all accounts for all CloudFront distributions
Show Suggested Answer Hide Answer
Suggested Answer: ACD 🗳️
by Roontha at May 27, 2023, 3:39 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Roontha
Highly Voted 2 years, 1 month ago
My Answer A,C,D https://aws.amazon.com/blogs/security/using-aws-firewall-manager-and-waf-to-protect-your-web-applications-with-master-rules-and-application-specific-rules/ can someone post the link if you feel my answer is incorrect
upvoted 18 times
ShinLi
2 years, 1 month ago
why you pickup C? why we need enable all the features?
upvoted 1 times
Roontha
2 years ago
@ShinLi, C is must requirement in order leverage AWS Firewall Manager according to aws. Prerequisites AWS Firewall Manager has the following prerequisites: AWS Organizations: Your organization must be using AWS Organizations to manage your accounts, and All Features must be enabled. For more information, see Creating an Organization and Enabling All Features in Your Organization. A firewall administrator AWS Account: You must designate one of the AWS accounts in your organization as the administrator for AWS Firewall Manager. This gives the account permission to deploy AWS WAF rules across the organization. AWS Config: You must enable AWS Config for all of the accounts in your organization so that AWS Firewall Manager can detect newly created resources. To enable AWS Config for all of the accounts in your organization, you can use the Enable AWS Config template on the StackSets Sample Templates page. For more information, see Getting Started with AWS Config.
upvoted 22 times
...
...
...
sakibmas
Most Recent 9 months, 3 weeks ago
Selected Answer: ACD
AWS Firewall Manager has the following prerequisites: AWS Organizations: Your organization must be using AWS Organizations to manage your accounts, and All Features must be enabled. A firewall administrator AWS Account: You must designate one of the AWS accounts in your organization as the administrator for AWS Firewall Manager. AWS Config: You must enable AWS Config for all of the accounts in your organization so that AWS Firewall Manager can detect newly created resources. Reference: https://aws.amazon.com/blogs/security/using-aws-firewall-manager-and-waf-to-protect-your-web-applications-with-master-rules-and-application-specific-rules/
upvoted 2 times
...
Russs99
1 year, 2 months ago
Selected Answer: ACD
ACD is the correct combination to establish a base line security when deploying within the organization in AWS Organization.
upvoted 1 times
...
shaaam80
1 year, 6 months ago
Selected Answer: ACD
Answer - ACD Prerequisites - AWS Config and All Features should be enabled in the organization.
upvoted 2 times
...
career360guru
1 year, 7 months ago
Selected Answer: ACD
A, C, D
upvoted 1 times
...
severlight
1 year, 7 months ago
Selected Answer: ACD
AWS config must be enabled in all accounts to identify new resources so AWS Firewall manager works properly
upvoted 3 times
...
easytoo
1 year, 11 months ago
a-c-d----a-c-d----a-c-d GuardDuty, Shield Advanced, and Security Hub provide other security capabilities but are not directly related to deploying WAF rules across all accounts and distributions.
upvoted 2 times
...
NikkyDicky
1 year, 12 months ago
Selected Answer: ACD
its ACD
upvoted 1 times
...
javitech83
2 years ago
Selected Answer: ACD
D is clear. A and C are needed for D to work https://aws.amazon.com/es/blogs/security/centrally-manage-aws-waf-api-v2-and-aws-managed-rules-at-scale-with-firewall-manager/#:~:text=Firewall%20Manager%20prerequisites
upvoted 1 times
...
SkyZeroZx
2 years ago
Selected Answer: ACD
ACD Link reference : https://aws.amazon.com/es/blogs/security/centrally-manage-aws-waf-api-v2-and-aws-managed-rules-at-scale-with-firewall-manager/#:~:text=Firewall%20Manager%20prerequisites
upvoted 3 times
...
easytoo
2 years ago
baseline for OWASP = b-d-f
upvoted 1 times
...
emiliocb4
2 years ago
Selected Answer: ACD
baseline protection vconfiguration. A to evaluate the configurations of AWS resources C enabling all features required by Firewall manager D to enable the waf rules
upvoted 4 times
...
Jonalb
2 years ago
Selected Answer: ABD
Enable AWS Config in all accounts: AWS Config provides a detailed view of the configuration of AWS resources within an organization. By enabling AWS Config, the solutions architect can track and monitor the configuration of CloudFront distributions and ensure that they adhere to the desired baseline configuration, including AWS WAF settings. Enable Amazon GuardDuty in all accounts: Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior within AWS accounts. Enabling GuardDuty in all accounts allows for real-time threat detection and alerts related to potential web application vulnerabilities.
upvoted 1 times
...
SVGoogle89
2 years ago
Prerequisites for using AWS Firewall Manager Your account must be a member of AWS Organizations Your AWS account must be a member of an organization in the AWS Organizations service, and the organization must have all features enabled. Your account must be the AWS Firewall Manager administrator To configure Firewall Manager policies, your account must be set as the AWS Firewall Manager administrator account, in the Settings pane. You must have AWS Config enabled for your accounts and Regions You must enable AWS Config for each of your AWS Organizations member accounts and for each AWS Region that contains resources that you want to protect using AWS Firewall Manager.
upvoted 2 times
...
Jesuisleon
2 years ago
Selected Answer: ACD
A,C,D is right answer. Infact My initial choice is B,C,D. After I rewatch neal Davis' video, GuardDuty is intelligent thread detection service based ML, it does continuous monitoring for : 1) CloudTrail Management events; 2) CloudTrail S3 Data Events;3)VPC Flow Logs 4) DNS logs. so guardduty is not right in this scenario.
upvoted 3 times
...
chathur
2 years ago
Selected Answer: ACD
The tutorial is here. https://aws.amazon.com/blogs/security/centrally-manage-aws-waf-api-v2-and-aws-managed-rules-at-scale-with-firewall-manager/#:~:text=Firewall%20Manager%20prerequisites
upvoted 1 times
Gmail78
1 year, 10 months ago
I assume if you want to secure AWS you need Guard duty enabled, it also interact with AWS WAF: https://aws.amazon.com/blogs/security/how-to-use-amazon-guardduty-and-aws-web-application-firewall-to-automatically-block-suspicious-hosts/
upvoted 1 times
...
...
Rajivjain
2 years ago
Selected Answer: BDE
Updating My Vote to BDE Enabling Amazon GuardDuty will help monitor and detect malicious activity. Deploying WAF rules via Firewall Manager or Shield Advanced will filter incoming traffic and block common attack patterns. These steps can help protect against many of the most common web application security risks identified by OWASP. A (Enable AWS Config) is not directly related to providing baseline protection for web applications against OWASP's top 10 vulnerabilities. C (Enable All Features) is too broad and does not specifically address web application security. F (Use Security Hub) does not have a native capability to deploy WAF rules at scale.
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel