SAP-C02 Question 219
Question
A company has set up its entire infrastructure on AWS. The company uses Amazon EC2 instances to host its ecommerce website and uses Amazon S3 to store static data. Three engineers at the company handle the cloud administration and development through one AWS account. Occasionally, an engineer alters an EC2 security group configuration of another engineer and causes noncompliance issues in the environment. A solutions architect must set up a system that tracks changes that the engineers make. The system must send alerts when the engineers make noncompliant changes to the security settings for the EC2 instances. What is the FASTEST way for the solutions architect to meet these requirements?
Options
A. Set up AWS Organizations for the company. Apply SCPs to govern and track noncompliant security group changes that are made to the AWS account.
B. Enable AWS CloudTrail to capture the changes to EC2 security groups. Enable Amazon CloudWatch rules to provide alerts when noncompliant security settings are detected.
C. Enable SCPs on the AWS account to provide alerts when noncompliant security group changes are made to the environment.
D. Enable AWS Config on the EC2 security groups to track any noncompliant changes. Send the changes as alerts through an Amazon Simple Notification Service (Amazon SNS) topic.
Answer
D
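Explanation
Correct answer: D
Correct option: D. Enable AWS Config on the EC2 security groups to track any noncompliant changes. Send the changes as alerts through an Amazon Simple Notification Service (Amazon SNS) topic.
Rationale: This option most directly satisfies the key constraints in the question stem. When working SAP-C02 questions, check each option against the qualifiers in the stem, such as highest performance, lowest operational overhead, cost effectiveness, reliability, scalability, security, RTO/RPO...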