aws-certified-sysops-administrator-associate-soa-c02 question 81 discussion

View all AWS Certified SysOps Administrator - Associate (SOA-C02) here
back to amazon forum

Question 81

A large company is using AWS Organizations to manage hundreds of AWS accounts across multiple AWS Regions. The
company has turned on AWS Config throughout the organization.
The company requires all Amazon S3 buckets to block public read access. A SysOps administrator must generate a monthly
report that shows all the S3 buckets and whether they comply with this requirement.
Which combination of steps should the SysOps administrator take to collect this data? (Choose two.)

  • A. Create an AWS Config aggregator in an aggregator account. Use the organization as the source. Retrieve the compliance data from the aggregator.
  • B. Create an AWS Config aggregator in each account. Use an S3 bucket in an aggregator account as the destination. Retrieve the compliance data from the S3 bucket.
  • C. Edit the AWS Config policy in AWS Organizations. Use the organizations management account to turn on the S3-bucket- public-read-prohibited rule for the entire organization.
  • D. Use the AWS Config compliance report from the organizations management account. Filter the results by resource, and select Amazon S3.
  • E. Use the Aws Config API to apply the s3-bucket-public-read-prohibited rule in all accounts for all available Regions.
Answer:

B D


Explanation:
Reference: https://docs.aws.amazon.com/config/latest/developerguide/aggregate-data.html
https://docs.aws.amazon.com/config/latest/developerguide/looking-up-discovered-resources.html

User Votes:
A 1 votes
50%
B 1 votes
50%
C 1 votes
50%
D 1 votes
50%
E
50%
Discussions
0 / 1000