Exam AWS Certified Security - Specialty topic 1 question 157 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 157
Topic #: 1

Auditors for a health care company have mandated that all data volumes be encrypted at rest. Infrastructure is deployed mainly via AWS CloudFormation; however, third-party frameworks and manual deployment are required on some legacy systems.
What is the BEST way to monitor, on a recurring basis, whether all EBS volumes are encrypted?

  • A. On a recurring basis, update all IAM user policies to require that EC2 instances are created with an encrypted volume.
  • B. Configure an AWS Config rule to run on a recurring basis for volume encryption.
  • C. Set up Amazon Inspector rules for volume encryption to run on a recurring schedule.
  • D. Use CloudWatch Logs to determine whether instances were created with an encrypted volume.
Suggested Answer: B
Using AWS Config Rules, you can run continuous assessment checks on your resources to verify that they comply with your own security policies, industry best practices, and compliance regimes such as PCI/HIPAA. For example, AWS Config provides a managed AWS Config Rules to ensure that encryption is turned on for all EBS volumes in your account. You can also write a custom AWS Config Rule to essentially "codify" your own corporate security policies. AWS Config alerts you in real time when a resource is misconfigured, or when a resource violates a particular security policy.
Reference:
https://d1.awsstatic.com/whitepapers/aws-security-whitepaper.pdf
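
The explanation above mentions writing a custom AWS Config rule; the following is an added example (not from the exam page or the whitepaper) of the evaluation logic such a Lambda-backed rule could use for EBS volumes. The function names, the `kmsKeyId` rule parameter and the sample event are hypothetical, and the `encrypted` / `kmsKeyId` fields are assumed to match the volume configuration item AWS Config records.

```python
import json

VOLUME_TYPE = "AWS::EC2::Volume"
DELETED = {"ResourceDeleted", "ResourceDeletedNotRecorded"}

def evaluate_volume(item, required_kms_key=None):
    """Return (compliance, annotation) for one AWS Config configuration item."""
    if item.get("resourceType") != VOLUME_TYPE:
        return "NOT_APPLICABLE", "Not an EBS volume"
    if item.get("configurationItemStatus") in DELETED:
        return "NOT_APPLICABLE", "Volume no longer exists"
    cfg = item.get("configuration") or {}
    if not cfg.get("encrypted", False):
        return "NON_COMPLIANT", "Volume is not encrypted at rest"
    # Optional stricter policy: encryption must use one approved KMS key.
    if required_kms_key and cfg.get("kmsKeyId") != required_kms_key:
        return "NON_COMPLIANT", "Encrypted with an unapproved KMS key"
    return "COMPLIANT", "Volume is encrypted"

def build_evaluation(event):
    """Turn the Lambda event AWS Config sends into one PutEvaluations entry."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    compliance, note = evaluate_volume(item, params.get("kmsKeyId"))
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }

def lambda_handler(event, context):
    import boto3  # imported lazily so the logic above runs without AWS access
    boto3.client("config").put_evaluations(
        Evaluations=[build_evaluation(event)], ResultToken=event["resultToken"])

def sample_event(encrypted, status="OK", kms_key=None, required_key=None):
    """Constructed test input shaped like a configuration-change notification."""
    item = {
        "resourceType": VOLUME_TYPE, "resourceId": "vol-EXAMPLE",
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
        "configuration": {"encrypted": encrypted, "kmsKeyId": kms_key},
    }
    params = {"kmsKeyId": required_key} if required_key else {}
    return {"invokingEvent": json.dumps({"configurationItem": item}),
            "ruleParameters": json.dumps(params), "resultToken": "constructed"}
```

Because the rule evaluates the recorded volume rather than how it was created, it also covers volumes from the third-party frameworks and manual deployments in the question.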

Comments

PeppaPig
Highly Voted 3 years, 9 months ago
B is correct 100% sure
upvoted 19 times
ucsdmiami2020
3 years, 7 months ago
To support answer B, use the reference https://d1.awsstatic.com/whitepapers/aws-security-whitepaper.pdf "For example, AWS Config provides a managed AWS Config Rules to ensure that encryption is turned on for all EBS volumes in your account."
upvoted 12 times
...
...
Raphaello
Most Recent 1 year, 3 months ago
Selected Answer: B
B is the correct answer.
upvoted 1 times
...
ITGURU51
2 years, 2 months ago
AWS Config can be used to maintain compliance, since it monitors for changes against the desired state. In this case, we need to ensure data at rest for the volumes.
upvoted 1 times
...
xaocho
2 years, 11 months ago
Selected Answer: B
just B
upvoted 1 times
...
kiev
3 years, 7 months ago
Config deals with change in resources and therefore it is the right answer. B
upvoted 4 times
...
deegadaze1
3 years, 8 months ago
B 4 sure !
upvoted 2 times
...
Awraith
3 years, 9 months ago
B is correct
upvoted 3 times
...