SAP-C02 Question 173
Question
A company needs to audit the security posture of a newly acquired AWS account. The company’s data security team requires a notification only when an Amazon S3 bucket becomes publicly exposed. The company has already established an Amazon Simple Notification Service (Amazon SNS) topic that has the data security team's email address subscribed. Which solution will meet these requirements?
Options
A. Create an S3 event notification on all S3 buckets for the isPublic event. Select the SNS topic as the target for the event notifications.
B. Create an analyzer in AWS Identity and Access Management Access Analyzer. Create an Amazon EventBridge rule for the event type “Access Analyzer Finding” with a filter for “isPublic: true.” Select the SNS topic as the EventBridge rule target.
C. Create an Amazon EventBridge rule for the event type “Bucket-Level API Call via CloudTrail” with a filter for “PutBucketPolicy.” Select the SNS topic as the EventBridge rule target.
D. Activate AWS Config and add the cloudtrail-s3-dataevents-enabled rule. Create an Amazon EventBridge rule for the event type “Config Rules Re-evaluation Status” with a filter for “NON_COMPLIANT.” Select the SNS topic as the EventBridge rule target.
Answer
B
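Explanation
Correct answer: B
Explanation: The answer to this question is B.
Correct option: B. Create an analyzer in AWS Identity and Access Management Access Analyzer. Create an Amazon EventBridge rule for the event type “Access Analyzer Finding” with a filter for “isPublic: true.” Select the SNS topic as the EventBridge rule target.
Reasoning: This option most directly satisfies the key constraints in the question stem. When working SAP-C02 questions, you need to check against the qualifiers in the stem at the same time...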