ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Big Data - Specialty All Questions

View all questions & answers for the AWS Certified Big Data - Specialty exam
Go to Exam

Exam AWS Certified Big Data - Specialty topic 1 question 17 discussion

Exam question from Amazon's AWS Certified Big Data - Specialty
Question #: 17
Topic #: 1
[All AWS Certified Big Data - Specialty Questions]

A data engineer wants to use an Amazon Elastic Map Reduce for an application. The data engineer needs to make sure it complies with regulatory requirements. The auditor must be able to confirm at any point which servers are running and which network access controls are deployed.
Which action should the data engineer take to meet this requirement?

  • A. Provide the auditor IAM accounts with the SecurityAudit policy attached to their group.
  • B. Provide the auditor with SSH keys for access to the Amazon EMR cluster.
  • C. Provide the auditor with CloudFormation templates.
  • D. Provide the auditor with access to AWS DirectConnect to use their existing tools.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by muhsin at Aug. 14, 2019, 6:55 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
muhsin
Highly Voted 3 years, 10 months ago
It is A. you can check it from https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor at the option C, there is not any information about cloudformation templates.
upvoted 6 times
...
pra276
Highly Voted 3 years, 10 months ago
cloudformation templates only provide the information about what was deployed not about what is currently running, so best answer is A
upvoted 5 times
exams
3 years, 10 months ago
A look most appropriate
upvoted 2 times
...
...
exam_da
Most Recent 3 years, 8 months ago
answer is A
upvoted 1 times
...
Debi_mishra
3 years, 8 months ago
C is wrong, template doesn't provide whats implemented. Its A
upvoted 1 times
...
menthlo
3 years, 8 months ago
A , obviously
upvoted 1 times
...
srirampc
3 years, 8 months ago
answer is C. auditor wants to know about the servers and (roles) associated with them, not how people in the group have their security policies like in "IAM accounts with the SecurityAudit policy attached to their group". If you have to know how servers are deployed cloudformation is the way.
upvoted 1 times
...
jxj
3 years, 9 months ago
Between A and C, A is more correct way to get a security auditor to start the process. https://kevinslin.com/aws/aws_account_access_policies/#
upvoted 1 times
...
jiedee
3 years, 9 months ago
It is A.
upvoted 1 times
...
drneon
3 years, 9 months ago
The SecurityAudit policy has a permission about checking cloudformation documents already. So, answer is A ^^
upvoted 3 times
...
san2020
3 years, 9 months ago
my selection A
upvoted 2 times
...
ME2000
3 years, 9 months ago
Option C is valid The template is a blueprint that provides intend servers and network access controls. And by checking resource drift status can find current status against intend status.
upvoted 1 times
...
M2
3 years, 9 months ago
A looks right bcoz c will not tell you about running servers.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel