Amazon Exam PAS-C01 Topic 2 Question 27 Discussion

Actual exam question for Amazon's PAS-C01 exam

Question #: 27
Topic #: 2

[All PAS-C01 Questions]

A company is running its SAP workload on AWS The company's security team has implemented the following requirements

* All Amazon EC2 instances for SAP must be SAP certified instance types

- Encryption must be enabled for all Amazon S3 buckets and Amazon Elastic Block Store (Amazon EBS) volumes

* AWS CloudTrail must be activated

* SAP system parameters must be compliant with business rules

* Detailed monitoring must be enabled for all instances

The company wants to develop an automated process to review the systems for compliance with the security team's requirements. The process also must provide notification about any deviation from these standards

Which solution will meet these requirements?

AUse AWS AppConfig to model configuration data in an AWS Systems Manager Automation runbook Schedule this Systems Manager Automation runbook to monitor for compliance with all the requirements integrate AWS AppConfig with Amazon CloudWatch for notification purposes

BUse AWS Config managed rules to monitor for compliance with all the requirements Use Amazon EventBridge (Amazon CloudWatch Events) and Amazon Simple Notification Service (Amazon SNS) for email notification when a resource is flagged as noncompliant

CUse AWS Trusted Advisor to monitor for compliance with all the requirements Use Trusted Advisor preferences for email notification when a resource is flagged as noncompliant

DUse AWS Config managed rules to monitor for compliance with the requirements except for the SAP system parameters Create AWS Config custom rules to validate the SAP system parameters Use Amazon EventBridge (Amazon CloudWatch Events) and Amazon Simple Notification Sen/ice (Amazon SNS) for email notification when a resource is flagged as noncompliant

Show Suggested Answer

Suggested Answer: D

https://aws.amazon.com/blogs/awsforsap/audit-your-sap-systems-with-aws-config-part-i/ https://aws.amazon.com/blogs/awsforsap/audit-your-sap-systems-with-aws-config-part-ii/

by Judy at Feb 12, 2024, 12:15 PM

Limited Time Offer

25%

Off

Get Premium PAS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Ernie

8 days ago

Haha, yeah, A does sound a bit like using a bazooka to kill a fly. I like the idea of the custom Config rules in D, that way we can tailor the checks to our specific needs. Although, I wonder if that might be a bit more work to set up initially.

upvoted 0 times

...

Laurene

10 days ago

Hmm, I'm not too sure about C. Trusted Advisor is great for general AWS checks, but I don't think it would be able to handle the specific requirements around SAP system parameters and detailed monitoring. And A seems a bit overkill - do we really need to model the config data in AppConfig when we could just use Config rules?

upvoted 0 times

...

Page

10 days ago

I agree, B and D both look good. B uses AWS Config managed rules to monitor the requirements, and then leverages EventBridge and SNS for notifications. D is similar, but it also includes custom rules for the SAP system parameters, which is a nice touch.

upvoted 0 times

...

Maryann

12 days ago

Okay, so this is a pretty straightforward question, but there are a few things to consider. The key requirements here are monitoring compliance with the security team's standards and providing notification when there's a deviation. From what I can tell, options B and D seem like the best fits.

upvoted 0 times

...