Amazon Exam SCS-C02 Topic 6 Question 27 Discussion

Actual exam question for Amazon's SCS-C02 exam

Question #: 27
Topic #: 6

A company's data scientists want to create artificial intelligence and machine learning (AI/ML) training models by using Amazon SageMaker. The training models will use large datasets in an Amazon S3 bucket. The datasets contain sensitive information.

On average. the data scientists need 30 days to train models. The S3 bucket has been secured appropriately The companfs data retention policy states that all data that is older than 45 days must be removed from the S3 bucket.

Which action should a security engineer take to enforce this data retention policy?

AConfigure an S3 Lifecycle rule on the S3 bucket to delete objects after 45 days.

BCreate an AWS Lambda function to check the last-modified date of the S3 objects and delete objects that are older than 45 days. Create an S3 event notification to invoke the Lambda function for each PutObject operation.

CCreate an AWS Lambda function to check the last-modified date of the S3 objects and delete objects that are older than 45 days. Create an Amazon EventBridge rule to invoke the Lambda function each month.

DConfigure S3 Intelligent-Ttering on the S3 bucket to automatically transition objects to another storage class.

Show Suggested Answer

Suggested Answer: B

For increased security while ensuring functionality, adjusting NACL3 to allow inbound traffic on port 5432 from the CIDR blocks of the application instance subnets, and allowing outbound traffic on ephemeral ports (1024-65536) back to those subnets creates a secure path for database access. Removing default allow-all rules enhances security by implementing the principle of least privilege, ensuring that only necessary traffic is permitted.

by Ressie at Sep 10, 2024, 01:55 PM

Limited Time Offer

25%

11 days ago

I think option A is the best choice. It's simple and directly enforces the data retention policy.

upvoted 0 times

...