Amazon Exam PAS-C01 Topic 2 Question 27 Discussion

Actual exam question for Amazon's PAS-C01 exam
Question #: 27
Topic #: 2

A company is running its SAP workload on AWS. The company's security team has implemented the following requirements:

* All Amazon EC2 instances for SAP must be SAP certified instance types.

* Encryption must be enabled for all Amazon S3 buckets and Amazon Elastic Block Store (Amazon EBS) volumes.

* AWS CloudTrail must be activated.

* SAP system parameters must be compliant with business rules.

* Detailed monitoring must be enabled for all instances.

The company wants to develop an automated process to review the systems for compliance with the security team's requirements. The process also must provide notification about any deviation from these standards.

Which solution will meet these requirements?

Suggested Answer: D

https://aws.amazon.com/blogs/awsforsap/audit-your-sap-systems-with-aws-config-part-i/
https://aws.amazon.com/blogs/awsforsap/audit-your-sap-systems-with-aws-config-part-ii/
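
The custom-rule and notification parts of answer D (a custom AWS Config rule for the SAP system parameters, with EventBridge forwarding noncompliant results to SNS), shown as an added example that is not part of the original page or of the linked AWS posts. The SAP parameter names and required values and the `matches` helper are constructed assumptions, and reading the parameters from the SAP system is out of scope here.

```python
"""Added example: custom AWS Config rule logic for SAP parameters (option D)."""

# Constructed business rules: SAP profile parameter -> required value.
REQUIRED_SAP_PARAMS = {
    "login/min_password_lng": "12",
    "login/fails_to_user_lock": "5",
    "rdisp/gui_auto_logout": "900",
}

# EventBridge rule pattern: forward only NON_COMPLIANT results to the SNS target.
NONCOMPLIANT_PATTERN = {
    "source": ["aws.config"],
    "detail-type": ["Config Rules Compliance Change"],
    "detail": {"newEvaluationResult": {"complianceType": ["NON_COMPLIANT"]}},
}


def evaluate_sap_parameters(instance_id, actual, ordering_timestamp,
                            required=REQUIRED_SAP_PARAMS):
    """Build one Evaluation entry, shaped for config.put_evaluations()."""
    deviations = [
        f"{name}={actual.get(name, '<unset>')} (want {want})"
        for name, want in sorted(required.items())
        if actual.get(name) != want          # a missing parameter is a deviation
    ]
    evaluation = {
        "ComplianceResourceType": "AWS::EC2::Instance",
        "ComplianceResourceId": instance_id,
        "ComplianceType": "NON_COMPLIANT" if deviations else "COMPLIANT",
        "OrderingTimestamp": ordering_timestamp,
    }
    if deviations:
        # Config limits Annotation to 256 characters.
        evaluation["Annotation"] = "; ".join(deviations)[:256]
    return evaluation


def matches(pattern, event):
    """Simplified stand-in for EventBridge matching: nested exact-value lists only."""
    for key, expected in pattern.items():
        if isinstance(expected, dict):
            if not isinstance(event.get(key), dict) or not matches(expected, event[key]):
                return False
        elif event.get(key) not in expected:
            return False
    return True
```

In a Lambda-backed custom rule, the returned dictionary is passed to `put_evaluations` together with the `resultToken` from the invoking event.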


Contribute your Thoughts:

Raina
6 months ago
That's a good point. Maybe a combination of B and A could be the optimal solution.
upvoted 0 times
...
Galen
7 months ago
But shouldn't we also consider using AWS AppConfig to model configuration data for better automation?
upvoted 0 times
...
Raina
7 months ago
I agree with Macy. Those services provide a comprehensive solution for our requirements.
upvoted 0 times
...
Macy
7 months ago
Because using AWS Config managed rules, EventBridge, and SNS will help us monitor compliance and get notified of any deviations.
upvoted 0 times
...
Val
7 months ago
Why do you think so?
upvoted 0 times
...
Macy
7 months ago
I think option B is the best choice.
upvoted 0 times
...
Ernie
8 months ago
Haha, yeah, A does sound a bit like using a bazooka to kill a fly. I like the idea of the custom Config rules in D, that way we can tailor the checks to our specific needs. Although, I wonder if that might be a bit more work to set up initially.
upvoted 0 times
Olga
7 months ago
D) Use AWS Config managed rules to monitor for compliance with the requirements except for the SAP system parameters. Create AWS Config custom rules to validate the SAP system parameters. Use Amazon EventBridge (Amazon CloudWatch Events) and Amazon Simple Notification Service (Amazon SNS) for email notification when a resource is flagged as noncompliant.
upvoted 0 times
...
Theola
7 months ago
Although, I wonder if that might be a bit more work to set up initially.
upvoted 0 times
...
Solange
8 months ago
C) Use AWS Trusted Advisor to monitor for compliance with all the requirements. Use Trusted Advisor preferences for email notification when a resource is flagged as noncompliant.
upvoted 0 times
...
Milly
8 months ago
I like the idea of the custom Config rules in D, that way we can tailor the checks to our specific needs.
upvoted 0 times
...
Malinda
8 months ago
B) Use AWS Config managed rules to monitor for compliance with all the requirements. Use Amazon EventBridge (Amazon CloudWatch Events) and Amazon Simple Notification Service (Amazon SNS) for email notification when a resource is flagged as noncompliant.
upvoted 0 times
...
Ronny
8 months ago
Haha, yeah, A does sound a bit like using a bazooka to kill a fly.
upvoted 0 times
...
Omer
8 months ago
A) Use AWS AppConfig to model configuration data in an AWS Systems Manager Automation runbook. Schedule this Systems Manager Automation runbook to monitor for compliance with all the requirements. Integrate AWS AppConfig with Amazon CloudWatch for notification purposes.
upvoted 0 times
...
...
Laurene
8 months ago
Hmm, I'm not too sure about C. Trusted Advisor is great for general AWS checks, but I don't think it would be able to handle the specific requirements around SAP system parameters and detailed monitoring. And A seems a bit overkill - do we really need to model the config data in AppConfig when we could just use Config rules?
upvoted 0 times
...
Page
8 months ago
I agree, B and D both look good. B uses AWS Config managed rules to monitor the requirements, and then leverages EventBridge and SNS for notifications. D is similar, but it also includes custom rules for the SAP system parameters, which is a nice touch.
upvoted 0 times
...
Maryann
8 months ago
Okay, so this is a pretty straightforward question, but there are a few things to consider. The key requirements here are monitoring compliance with the security team's standards and providing notification when there's a deviation. From what I can tell, options B and D seem like the best fits.
upvoted 0 times
...
