Amazon PAS-C01 Exam - Topic 2 Question 27 Discussion

Actual exam question for Amazon's PAS-C01 exam
Question #: 27
Topic #: 2

A company is running its SAP workload on AWS. The company's security team has implemented the following requirements:

* All Amazon EC2 instances for SAP must be SAP certified instance types.

* Encryption must be enabled for all Amazon S3 buckets and Amazon Elastic Block Store (Amazon EBS) volumes.

* AWS CloudTrail must be activated.

* SAP system parameters must be compliant with business rules.

* Detailed monitoring must be enabled for all instances.

The company wants to develop an automated process to review the systems for compliance with the security team's requirements. The process also must provide notification about any deviation from these standards.

Which solution will meet these requirements?

Suggested Answer: D

https://aws.amazon.com/blogs/awsforsap/audit-your-sap-systems-with-aws-config-part-i/
https://aws.amazon.com/blogs/awsforsap/audit-your-sap-systems-with-aws-config-part-ii/
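
The custom-rule half of the suggested answer, as an added example that is not from this page or the linked AWS posts: the evaluation logic an AWS Config custom rule could run over SAP profile text, plus the EventBridge pattern that routes noncompliance events to an SNS topic. The rule thresholds and the sample profile are constructed, and collecting the profile text from the SAP host is assumed to happen elsewhere.

```python
from datetime import datetime, timezone

# Constructed business rules: SAP profile parameter -> (comparison, required value).
RULES = {"login/min_password_lng": ("min", 8),
         "login/fails_to_user_lock": ("max", 5),
         "login/no_automatic_user_sapstar": ("eq", 1)}
OPS = {"min": lambda v, r: v >= r, "max": lambda v, r: v <= r, "eq": lambda v, r: v == r}
# EventBridge event pattern matching AWS Config noncompliance events (rule target: SNS topic).
NONCOMPLIANT_PATTERN = {"source": ["aws.config"], "detail-type": ["Config Rules Compliance Change"],
                        "detail": {"newEvaluationResult": {"complianceType": ["NON_COMPLIANT"]}}}
# Constructed sample profile text, not taken from a real system.
SAMPLE_PROFILE = """# constructed sample
login/min_password_lng = 6
login/fails_to_user_lock = 5
"""

def parse_profile(text):
    """Parse 'name = value' lines, skipping blanks and '#' comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def deviations(params, rules=RULES):
    """List every rule the parameters break; a missing or non-numeric value counts."""
    found = []
    for name, (op, required) in sorted(rules.items()):
        raw = params.get(name)
        numeric = raw is not None and raw.isdecimal()
        if not (numeric and OPS[op](int(raw), required)):
            found.append(f"{name}: expected {op} {required}, got {raw}")
    return found

def build_evaluation(instance_id, profile_text, when=None):
    """Return one entry for the Evaluations list of AWS Config PutEvaluations."""
    found = deviations(parse_profile(profile_text))
    return {
        "ComplianceResourceType": "AWS::EC2::Instance",
        "ComplianceResourceId": instance_id,
        "ComplianceType": "NON_COMPLIANT" if found else "COMPLIANT",
        # AWS Config limits the annotation to 256 characters.
        "Annotation": ("; ".join(found) or "SAP parameters match business rules")[:256],
        "OrderingTimestamp": when or datetime.now(timezone.utc),
    }
```

A parameter that is absent from the profile is reported as a deviation rather than skipped, so a host whose profile could not be read in full does not evaluate as compliant.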


Alecia
3 months ago
I’m surprised there’s no mention of IAM roles in these options!
upvoted 0 times
...
Michal
3 months ago
A is interesting, but I think B is more straightforward.
upvoted 0 times
...
Colette
4 months ago
Wait, can AWS Config really handle SAP parameters?
upvoted 0 times
...
Pete
4 months ago
I agree, B covers all the requirements nicely!
upvoted 0 times
...
Brett
4 months ago
B seems like the best option for compliance monitoring.
upvoted 0 times
...
Dana
4 months ago
I’m a bit confused about the differences between AWS AppConfig and AWS Config. I think I might have seen a similar question where Config was the right choice for compliance.
upvoted 0 times
...
Donette
4 months ago
I feel like Trusted Advisor is more about best practices rather than compliance checks. I’m leaning towards option D since it mentions custom rules for SAP.
upvoted 0 times
...
Leah
4 months ago
I think option B sounds familiar because it mentions managed rules, which we practiced in class. But I wonder if it can handle the SAP parameters too.
upvoted 0 times
...
Trevor
5 months ago
I remember studying AWS Config for compliance monitoring, but I'm not sure if it covers all the requirements listed here.
upvoted 0 times
...
Becky
5 months ago
This is a solid question. I like how it covers a real-world scenario with specific security requirements. I'd focus on understanding the AWS services and how they can be used together to build a comprehensive compliance monitoring solution.
upvoted 0 times
...
Leonora
5 months ago
Hmm, I'm a bit unsure about the SAP system parameters requirement. That seems a bit more complex than the other checks. I'll need to research how to create custom AWS Config rules for that.
upvoted 0 times
...
German
5 months ago
This looks like a straightforward compliance monitoring question. I'd start by reviewing the requirements and identifying the key AWS services that can help address them.
upvoted 0 times
...
Irma
5 months ago
Okay, I think I've got a good handle on this. AWS Config managed rules can cover most of the requirements, and we can use EventBridge and SNS for notifications. The custom rule for SAP parameters is the trickier part, but I'm confident I can figure that out.
upvoted 0 times
...
Ricarda
5 months ago
Hmm, I'm not entirely sure about this one. The question mentions alerts and warning messages for multiple failed login attempts, so I'm thinking it might be related to that. I'll have to re-read the question carefully to decide.
upvoted 0 times
...
Ruth
5 months ago
I feel pretty confident on this one. Based on my understanding of VMware Cloud Director, the virtual machines need to use the VMware Tools in order to be properly integrated and customized. So I'm going to select option A.
upvoted 0 times
...
Maile
5 months ago
Ah, this is an easy one. The purpose of comments in web development is to explain the code to other developers, so they can understand what's going on. I'm going with option C.
upvoted 0 times
...
Raina
2 years ago
That's a good point. Maybe a combination of B and A could be the optimal solution.
upvoted 0 times
...
Galen
2 years ago
But shouldn't we also consider using AWS AppConfig to model configuration data for better automation?
upvoted 0 times
...
Raina
2 years ago
I agree with Macy. Those services provide a comprehensive solution for our requirements.
upvoted 0 times
...
Macy
2 years ago
Because using AWS Config managed rules, EventBridge, and SNS will help us monitor compliance and get notified of any deviations.
upvoted 0 times
...
Val
2 years ago
Why do you think so?
upvoted 0 times
...
Macy
2 years ago
I think option B is the best choice.
upvoted 0 times
...
Ernie
2 years ago
Haha, yeah, A does sound a bit like using a bazooka to kill a fly. I like the idea of the custom Config rules in D, that way we can tailor the checks to our specific needs. Although, I wonder if that might be a bit more work to set up initially.
upvoted 0 times
Olga
2 years ago
D) Use AWS Config managed rules to monitor for compliance with the requirements except for the SAP system parameters. Create AWS Config custom rules to validate the SAP system parameters. Use Amazon EventBridge (Amazon CloudWatch Events) and Amazon Simple Notification Service (Amazon SNS) for email notification when a resource is flagged as noncompliant.
upvoted 0 times
...
Theola
2 years ago
Although, I wonder if that might be a bit more work to set up initially.
upvoted 0 times
...
Solange
2 years ago
C) Use AWS Trusted Advisor to monitor for compliance with all the requirements. Use Trusted Advisor preferences for email notification when a resource is flagged as noncompliant.
upvoted 0 times
...
Milly
2 years ago
I like the idea of the custom Config rules in D, that way we can tailor the checks to our specific needs.
upvoted 0 times
...
Malinda
2 years ago
B) Use AWS Config managed rules to monitor for compliance with all the requirements. Use Amazon EventBridge (Amazon CloudWatch Events) and Amazon Simple Notification Service (Amazon SNS) for email notification when a resource is flagged as noncompliant.
upvoted 0 times
...
Ronny
2 years ago
Haha, yeah, A does sound a bit like using a bazooka to kill a fly.
upvoted 0 times
...
Omer
2 years ago
A) Use AWS AppConfig to model configuration data in an AWS Systems Manager Automation runbook. Schedule this Systems Manager Automation runbook to monitor for compliance with all the requirements. Integrate AWS AppConfig with Amazon CloudWatch for notification purposes.
upvoted 0 times
...
...
Laurene
2 years ago
Hmm, I'm not too sure about C. Trusted Advisor is great for general AWS checks, but I don't think it would be able to handle the specific requirements around SAP system parameters and detailed monitoring. And A seems a bit overkill - do we really need to model the config data in AppConfig when we could just use Config rules?
upvoted 0 times
...
Page
2 years ago
I agree, B and D both look good. B uses AWS Config managed rules to monitor the requirements, and then leverages EventBridge and SNS for notifications. D is similar, but it also includes custom rules for the SAP system parameters, which is a nice touch.
upvoted 0 times
...
Maryann
2 years ago
Okay, so this is a pretty straightforward question, but there are a few things to consider. The key requirements here are monitoring compliance with the security team's standards and providing notification when there's a deviation. From what I can tell, options B and D seem like the best fits.
upvoted 0 times
...
