Amazon Exam SCS-C02 Topic 8 Question 21 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 21
Topic #: 8

A company uses Amazon EC2 instances to host frontend services behind an Application Load Balancer. Amazon Elastic Block Store (Amazon EBS) volumes are attached to the EC2 instances. The company uses Amazon S3 buckets to store large files for images and music.

The company has implemented a security architecture on AWS to prevent, identify, and isolate potential ransomware attacks. The company now wants to further reduce risk.

A security engineer must develop a disaster recovery solution that can recover to normal operations if an attacker bypasses preventive and detective controls. The solution must meet an RPO of 1 hour.

Which solution will meet these requirements?

Suggested Answer: D

To ensure minimal latency and regional availability of secrets, encrypting secrets in us-east-1 with a customer-managed KMS key and then replicating them to us-west-1 for encryption with the same key is the optimal approach. This method leverages customer-managed KMS keys for enhanced control and ensures that secrets are available in both regions, adhering to disaster recovery principles and minimizing latency by using regional endpoints.


Contribute your Thoughts:

Clorinda
1 month ago
C looks good, but I'm a bit worried about the manual intervention required for the recovery procedures in Security Hub. Automation is key for a fast RPO.
upvoted 0 times
Cordelia
22 days ago
A) Use AWS Backup to create backups of the EC2 instances and S3 buckets every hour. Create AWS CloudFormation templates that replicate existing architecture components. Use AWS CodeCommit to store the CloudFormation templates alongside application configuration code.
upvoted 0 times
...
...
Earnestine
1 month ago
Haha, D is like the 'nuclear option' - just blow away any infected instances and restore the latest snapshot. I wonder if that would actually work in a real-world scenario.
upvoted 0 times
...
Alba
1 month ago
I'm not a fan of B - relying on logs alone for automated response feels a bit risky. I'd prefer a solution that has more proactive recovery capabilities.
upvoted 0 times
Shantay
3 days ago
D) Create EBS snapshots every 4 hours. Enable Amazon GuardDuty Malware Protection. Create automation to immediately restore the most recent snapshot for any EC2 instances that produce an Execution:EC2/MaliciousFile finding in GuardDuty.
upvoted 0 times
...
Weldon
4 days ago
C) Use Amazon Security Lake to create a centralized data lake for AWS CloudTrail logs and VPC flow logs. Use the logs for automated response. Enable AWS Security Hub to establish a single location for recovery procedures. Create AWS CloudFormation templates that replicate existing architecture components. Use AWS CodeCommit to store the CloudFormation templates alongside application configuration code.
upvoted 0 times
...
Anthony
16 days ago
A) Use AWS Backup to create backups of the EC2 instances and S3 buckets every hour. Create AWS CloudFormation templates that replicate existing architecture components. Use AWS CodeCommit to store the CloudFormation templates alongside application configuration code.
upvoted 0 times
...
...
Chara
2 months ago
I'm not sure, but option D also seems like a good choice with EBS snapshots every 4 hours and GuardDuty Malware Protection.
upvoted 0 times
...
Jess
2 months ago
I disagree, I believe option C is better as it uses Security Hub for recovery procedures and creates a centralized data lake for logs.
upvoted 0 times
...
Cyril
2 months ago
Option A seems like the most comprehensive solution, with regular backups and version control for the infrastructure. I like how it covers both EC2 and S3 components.
upvoted 0 times
Lourdes
16 days ago
Micheal: Definitely, having version control for infrastructure is key in case of an attack.
upvoted 0 times
...
Roosevelt
19 days ago
User 3: It's good that they are also using CloudFormation templates for easy replication.
upvoted 0 times
...
Micheal
21 days ago
User 2: I agree, having backups every hour is crucial for minimizing data loss.
upvoted 0 times
...
Mari
30 days ago
User 1: Option A does seem like a solid choice for disaster recovery.
upvoted 0 times
...
...
Mari
2 months ago
I think option A is the best choice because it creates backups every hour and replicates the architecture components.
upvoted 0 times
...
