Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 294 discussion

A company is implementing new compliance requirements to meet customer needs. According to the new requirements, the company must not use any Amazon RDS DB instances or DB clusters that lack encryption of the underlying storage. The company needs a solution that will generate an email alert when an unencrypted DB instance or DB cluster is created. The solution also must terminate the unencrypted DB instance or DB cluster.

Which solution will meet these requirements in the MOST operationally efficient manner?

  • A. Create an AWS Config managed rule to detect unencrypted RDS storage. Configure an automatic remediation action to publish messages to an Amazon Simple Notification Service (Amazon SNS) topic that includes an AWS Lambda function and an email delivery target as subscribers. Configure the Lambda function to delete the unencrypted resource.
  • B. Create an AWS Config managed rule to detect unencrypted RDS storage. Configure a manual remediation action to invoke an AWS Lambda function. Configure the Lambda function to publish messages to an Amazon Simple Notification Service (Amazon SNS) topic and to delete the unencrypted resource.
  • C. Create an Amazon EventBridge rule that evaluates RDS event patterns and is initiated by the creation of DB instances or DB clusters. Configure the rule to publish messages to an Amazon Simple Notification Service (Amazon SNS) topic that includes an AWS Lambda function and an email delivery target as subscribers. Configure the Lambda function to delete the unencrypted resource.
  • D. Create an Amazon EventBridge rule that evaluates RDS event patterns and is initiated by the creation of DB instances or DB clusters. Configure the rule to invoke an AWS Lambda function. Configure the Lambda function to publish messages to an Amazon Simple Notification Service (Amazon SNS) topic and to delete the unencrypted resource.
Suggested Answer: A
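
The Lambda subscriber described in option A, as an added example that is not part of the original question or of any commenter's post. It assumes the remediation action publishes the AWS Config resource ID (for a DB instance, its DbiResourceId) as the SNS message body, and it covers DB instances only, not DB clusters. `StubRDS` and the sample IDs are constructed so the code runs offline; `boto3` is imported only when no client is injected.

```python
def remediate(rds, resource_id):
    """Delete one DB instance, but only if RDS itself reports it unencrypted."""
    # Config identifies the instance by DbiResourceId; delete_db_instance
    # needs DBInstanceIdentifier, so resolve it first.
    found = rds.describe_db_instances(
        Filters=[{"Name": "dbi-resource-id", "Values": [resource_id]}]
    )["DBInstances"]
    if not found:
        return "not_found"
    db = found[0]
    # Re-check live state: the message may be stale or delivered twice.
    if db["StorageEncrypted"]:
        return "skipped_encrypted"
    if db["DBInstanceStatus"] == "deleting":
        return "already_deleting"
    rds.delete_db_instance(
        DBInstanceIdentifier=db["DBInstanceIdentifier"], SkipFinalSnapshot=True
    )
    return "deleted"

def lambda_handler(event, context, rds=None):
    """SNS-triggered entry point; `rds` is injectable for offline testing."""
    if rds is None:
        import boto3  # only needed when running inside Lambda
        rds = boto3.client("rds")
    ids = [rec["Sns"]["Message"].strip() for rec in event["Records"]]
    return {rid: remediate(rds, rid) for rid in ids}

class StubRDS:
    """Constructed stand-in for the boto3 RDS client."""
    def __init__(self, instances):
        self.instances, self.deleted = instances, []
    def describe_db_instances(self, Filters):
        wanted = Filters[0]["Values"]
        hits = [i for i in self.instances if i["DbiResourceId"] in wanted]
        return {"DBInstances": hits}
    def delete_db_instance(self, DBInstanceIdentifier, **kwargs):
        self.deleted.append(DBInstanceIdentifier)

# Constructed sample data, not taken from the page.
SAMPLE_INSTANCES = [
    {"DbiResourceId": "db-EXAMPLEPLAIN", "DBInstanceIdentifier": "orders-plain",
     "StorageEncrypted": False, "DBInstanceStatus": "available"},
    {"DbiResourceId": "db-EXAMPLEENC", "DBInstanceIdentifier": "orders-enc",
     "StorageEncrypted": True, "DBInstanceStatus": "available"},
]
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": m}} for m in
                            ("db-EXAMPLEPLAIN", "db-EXAMPLEENC", "db-EXAMPLEGONE")]}
```

The function's execution role needs only `rds:DescribeDBInstances` and `rds:DeleteDBInstance`; an instance with deletion protection enabled will make the delete call fail and should be routed to the email subscribers for follow-up.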

Comments

itsjunukim
1 month, 2 weeks ago
Selected Answer: A
AWS Config Managed Rule + Automatic Remediation
upvoted 2 times
...
Kaps443
1 month, 4 weeks ago
Selected Answer: A
If your focus is speed + simplicity + automation with the least code, ✅ A is the winner.
upvoted 3 times
...
AWSLoverLoverLoverLoverLover
3 months, 2 weeks ago
Selected Answer: A
Why not the other options? B (Manual remediation with AWS Config): Less efficient because it requires manual intervention to invoke the Lambda function. C & D (EventBridge-based solutions): EventBridge is useful for event-driven responses but does not continuously monitor compliance like AWS Config. Additionally, these options do not leverage AWS Config's built-in remediation capabilities.
upvoted 3 times
...
FredTIAN
3 months, 2 weeks ago
Selected Answer: C
The answer should be C?
upvoted 3 times
barracouto
3 weeks, 4 days ago
Why? It's more complex and the question asks for the MOST operationally efficient solution.
upvoted 1 times
...
...
Community vote distribution: A (35%), C (25%), B (20%), Other