Amazon SCS-C02 Exam - Topic 8 Question 25 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 25
Topic #: 8

A company uses AWS Organizations to manage a multi-account AWS environment in a single AWS Region. The organization's management account is named management-01. The company has turned on AWS Config in all accounts in the organization. The company has designated an account named security-01 as the delegated administrator for AWS Config.

All accounts report the compliance status of each account's rules to the AWS Config delegated administrator account by using an AWS Config aggregator. Each account administrator can configure and manage the account's own AWS Config rules to handle each account's unique compliance requirements.

A security engineer needs to implement a solution to automatically deploy a set of 10 AWS Config rules to all existing and future AWS accounts in the organization. The solution must turn on AWS Config automatically during account creation.

Which combination of steps will meet these requirements? (Select TWO.)

Suggested Answer: D

To ensure minimal latency and regional availability of secrets, encrypting secrets in us-east-1 with a customer-managed KMS key and then replicating them to us-west-1 for encryption with the same key is the optimal approach. This method leverages customer-managed KMS keys for enhanced control and ensures that secrets are available in both regions, adhering to disaster recovery principles and minimizing latency by using regional endpoints.


Brett
3 months ago
I’m not sure about D; activating AWS Config through StackSets sounds risky.
upvoted 0 times
...
Noelia
3 months ago
A is also a good option if you want more control over the rules.
upvoted 0 times
...
Truman
3 months ago
Wait, can you really deploy a conformance pack from the management account?
upvoted 0 times
...
Terina
4 months ago
I agree, B is definitely a solid choice!
upvoted 0 times
...
Pearlie
4 months ago
B and D seem like the best options here.
upvoted 0 times
...
Harrison
4 months ago
I vaguely remember that conformance packs are specifically designed for compliance management. So, I think option C could be a viable choice, but I need to double-check the details on deployment from the management account.
upvoted 0 times
...
Lashaunda
4 months ago
I practiced a similar question where we had to automate AWS Config setup. I think option D sounds familiar, but I’m not completely confident about whether it’s the best approach here.
upvoted 0 times
...
Donte
4 months ago
I'm a bit unsure about whether we should use the management account or the delegated admin account for deployment. I feel like both options could work, but I need to recall more about StackSets.
upvoted 0 times
...
Huey
5 months ago
I remember studying about AWS Config and how conformance packs can help manage compliance across accounts. I think option B might be the right choice for deploying those rules.
upvoted 0 times
...
Audrie
5 months ago
I feel pretty confident that A and B are the best solutions here. Using CloudFormation StackSets or a conformance pack will allow us to easily deploy the Config rules across the organization.
upvoted 0 times
...
Janine
5 months ago
The key here is that we need to leverage the delegated administrator account for AWS Config. That means options C and E are likely not the right approach, since we want to deploy from the security-01 account.
upvoted 0 times
...
Shelia
5 months ago
I'm a bit confused by the difference between using CloudFormation StackSets versus a conformance pack. I'll need to research those options more to understand the pros and cons.
upvoted 0 times
...
Lizbeth
5 months ago
Okay, let's see. We need to deploy a set of AWS Config rules to all accounts, and also turn on AWS Config automatically during account creation. I'm thinking options A and D might be the way to go.
upvoted 0 times
...
Sage
5 months ago
This looks like a tricky one. I'll need to carefully review the requirements and think through the different options.
upvoted 0 times
...
Matilda
5 months ago
I think the key here is that the benefits to the customer (the construction companies) are an essential part of justifying the project. If the training doesn't provide value to them, then ABC Company won't see the benefits they're hoping for either. So including the customer's benefits makes sense to me.
upvoted 0 times
...
Casie
5 months ago
Okay, I've got this. The answer has to be C - group terrorism. That's the only one that matches the description of needing organization, recruitment, and leadership.
upvoted 0 times
...
Jules
5 months ago
I'm a bit confused by this question. The options don't seem to be directly related to associating a domain user account. I'll have to re-read the question and the options more closely to figure this out.
upvoted 0 times
...
Carol
10 months ago
Haha, I'm imagining the security engineer trying to find the perfect 10 Config rules to deploy. Like, 'Hmm, should we go with the classic 'S3 Bucket Versioning' and 'RDS Encryption' rules, or do we need to get a little wild and crazy?'
upvoted 0 times
Madelyn
9 months ago
A: Sounds like a solid plan to automate the deployment of AWS Config rules across all accounts in the organization.
upvoted 0 times
...
Erick
9 months ago
B: Yeah, and we can also create a conformance pack with the rules and deploy it from the security-01 account.
upvoted 0 times
...
Fernanda
10 months ago
A: Let's go with option A and create a CloudFormation template with the 10 required rules in the security-01 account.
upvoted 0 times
...
...
Cecil
10 months ago
I'm just wondering, does the CloudFormation template in D or E have to include the 10 required Config rules, or is that handled separately? I want to make sure I have the right understanding.
upvoted 0 times
Melita
10 months ago
B) That's correct. You would create a conformance pack that contains the 10 required AWS Config rules and deploy it from the security-01 account.
upvoted 0 times
...
Gerald
10 months ago
D) No, the CloudFormation template in D or E does not have to include the 10 required Config rules. The rules are handled separately.
upvoted 0 times
...
...
Delsie
10 months ago
I agree with Jesusita. B and D are the way to go. Deploying the conformance pack from the security-01 account and automating the Config activation makes the most sense.
upvoted 0 times
...
Scarlet
10 months ago
I'm not sure, but maybe we should also consider creating an AWS CloudFormation template in the management-01 account.
upvoted 0 times
...
Salena
11 months ago
I agree with Deandrea. That seems like the best option to automatically deploy the AWS Config rules.
upvoted 0 times
...
Sherita
11 months ago
Hmm, I'm not sure about D. Wouldn't it be better to use the management-01 account to deploy the CloudFormation template and activate AWS Config? That way, it's done from the central management account.
upvoted 0 times
Cecil
9 months ago
B: Definitely. Let's go with option E for deploying the CloudFormation template and activating AWS Config.
upvoted 0 times
...
Ronny
9 months ago
A: So, we both think option E is the way to go then?
upvoted 0 times
...
Lucy
10 months ago
B: Yeah, I agree. Using the management-01 account for deployment seems like a more centralized approach.
upvoted 0 times
...
Elin
10 months ago
A: I think option E makes more sense. It's better to activate AWS Config from the central management account.
upvoted 0 times
...
...
Jesusita
11 months ago
I think B and D are the right steps to meet the requirements. Deploying the conformance pack from the security-01 account and using CloudFormation StackSets to activate AWS Config seem like the most efficient approach.
upvoted 0 times
...
Deandrea
11 months ago
I think we should create a conformance pack from the security-01 account.
upvoted 0 times
...
