Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Amazon Discussions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 169 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 169
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company has a new AWS account that teams will use to deploy various applications. The teams will create many Amazon S3 buckets for application-specific purposes and to store AWS CloudTrail logs. The company has enabled Amazon Macie for the account.

A DevOps engineer needs to optimize the Macie costs for the account without compromising the account's functionality.

Which solutions will meet these requirements? (Choose two.)

  • A. Exclude S3 buckets that contain CloudTrail logs from automated discovery.
  • B. Exclude S3 buckets that have public read access from automated discovery.
  • C. Configure scheduled daily discovery jobs for all S3 buckets in the account.
  • D. Configure discovery jobs to include S3 objects based on the last modified criterion.
  • E. Configure discovery jobs to include S3 objects that are tagged as production only.
Show Suggested Answer Hide Answer
Suggested Answer: CD 🗳️
by PrasannaBalaji at Dec. 29, 2023, 2:17 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
c3518fc
1 week, 2 days ago
Selected Answer: AD
Make your sensitive data discovery jobs as targeted and specific as possible in their scope by using the Object criteria
upvoted 2 times
...
dkp
2 weeks, 6 days ago
Selected Answer: AD
A&D Options to make discovery jobs more targeted include: Include objects by using the “last modified” criterion Don’t scan CloudTrail logs Consider using random object sampling Include objects with specific extensions, tags, or storage size with specific tag key/value pairs such as Environment: Production. Consider scheduling jobs based on how long objects live in your S3 buckets
upvoted 2 times
...
devakram
2 weeks, 6 days ago
Selected Answer: AD
https://aws.amazon.com/blogs/security/how-to-use-amazon-macie-to-reduce-the-cost-of-discovering-sensitive-data/ Options to make discovery jobs more targeted include: Include objects by using the “last modified” criterion — Consider using random object sampling — Include objects with specific extensions, tags, or storage size —
upvoted 2 times
...
WhyIronMan
1 month ago
Selected Answer: AD
A - No need to scan these D - Reduce costs but not functionallity
upvoted 2 times
...
DanShone
1 month, 2 weeks ago
Selected Answer: AD
A - No need to scan these D - Reduce costs but not functionallity
upvoted 1 times
...
Diego1414
2 months, 1 week ago
Selected Answer: AD
AD - Correct https://aws.amazon.com/blogs/security/how-to-use-amazon-macie-to-reduce-the-cost-of-discovering-sensitive-data/
upvoted 1 times
...
thanhnv142
2 months, 3 weeks ago
Selected Answer: AD
A and D are correct: A: We dont need to scan Cloudtrail logs, so this is good B: Excluding S3 that have public read is just wrong C: We have excluded cloudtrail logs S3, so scanning all S3 is not correct D: This is good E: <Amazon S3 buckets for application-specific purposes and to store AWS CloudTrail logs> means that these S3 buckets are used to store logs and for productions only. Therefore, there will be no production tag, because all of them are production S3 bukets
upvoted 1 times
...
a54b16f
3 months, 3 weeks ago
Selected Answer: AD
E sounds right, but the question is about how to optimize, so E would make sense it mentioned skipping non-prod log, or scan prod data only
upvoted 1 times
...
yuliaqwerty
3 months, 3 weeks ago
Selected Answer: AD
Answer AD
upvoted 1 times
...
ozansenturk
4 months ago
Selected Answer: AD
Don’t scan CloudTrail logs, Include objects by using the “last modified” criterion :https://aws.amazon.com/blogs/security/how-to-use-amazon-macie-to-reduce-the-cost-of-discovering-sensitive-data/
upvoted 3 times
...
kabary
4 months ago
Selected Answer: AE
Answer is A & E.
upvoted 1 times
...
d262e67
4 months ago
Selected Answer: AD
Between D and E: Since the question didn't give any details I picked the broader option. Plus the question mentioned that the account is new, so the team would probably know when the account was created and they can use the last modified criteria. But nowhere mentions the organization's tagging policy. Maybe there is no production tag.
upvoted 1 times
...
csG13
4 months ago
Selected Answer: AE
It's A & E. See her for reference: https://aws.amazon.com/blogs/security/how-to-use-amazon-macie-to-reduce-the-cost-of-discovering-sensitive-data/
upvoted 2 times
...
komorebi
4 months ago
Selected Answer: AD
A and D is correct
upvoted 1 times
...
PrasannaBalaji
4 months ago
Selected Answer: BE
B and E is correct
upvoted 1 times
kabary
4 months ago
You need to include ONLY public ones for cost effective not exclude and hence A.
upvoted 1 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel