Exam ANS-C00 topic 1 question 97 discussion

Exam question from Amazon's ANS-C00
Question #: 97
Topic #: 1

Changes made to a security group attached to an Application Load Balancer resulted in connectivity issues for a company's production web application. The network engineer needs to lock down permissions for the company's AWS account, automate auditing for any changes, and set up notifications.
What actions should accomplish this?

  • A. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify API calls from users. Use AWS Config to audit any changes, and configure Amazon SNS to send notifications.
  • B. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify the API calls from users. Configure AWS CodeCommit to audit any changes in configurations, and configure Amazon SNS to send notifications.
  • C. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify the API calls from users. Configure Amazon Macie to use machine learning to identify any configuration changes, and configure Amazon SNS to send notifications.
  • D. Configure IAM role policies to lock down permissions for specific users. Configure Amazon GuardDuty to audit and monitor configuration changes, and configure Amazon SNS to send notifications.
Suggested Answer: A

Comments

pechung1206
Highly Voted 3 years, 8 months ago
A - GuardDuty is not for this use case: https://aws.amazon.com/guardduty/
upvoted 16 times
...
guruguru
Highly Voted 3 years, 7 months ago
A. Use Config to check the changes.
upvoted 8 times
...
FireTv
Most Recent 2 years, 10 months ago
Selected Answer: A
A --> AWS Config
upvoted 1 times
...
neta1o
2 years, 11 months ago
Selected Answer: A
A seems to be the best solution. IAM lockdown, CloudTrail/Config to track.
upvoted 1 times
...
Royce341
3 years, 2 months ago
Selected Answer: A
A is the answer
upvoted 2 times
...
sapien45
3 years, 3 months ago
Whoever changed that security group in Production lost his job. If only AWS CloudConfig was configured...
upvoted 2 times
...
hugo1111
3 years, 5 months ago
Selected Answer: A
A... Why does it always give the wrong answer...
upvoted 1 times
...
ceros399
3 years, 5 months ago
Selected Answer: A
A; you need AWS Config for the configuration changes and auditing.
upvoted 1 times
...
AlirezaNetWorld
3 years, 6 months ago
A is correct
upvoted 1 times
...
Stec1980
3 years, 7 months ago
A, none of the other services (CodeCommit, Macie or GuardDuty) would tell you what you need to know, whereas AWS Config would.
upvoted 2 times
...
SilverT
3 years, 7 months ago
A is my take.
upvoted 4 times
...
[Removed]
3 years, 7 months ago
A for me too. That is not how I understand GuardDuty's use cases.
upvoted 5 times
...
skjs
3 years, 8 months ago
A for me
upvoted 5 times
...
LexyA
3 years, 8 months ago
A is correct
upvoted 4 times