Q12 — AWS ANS-C01 Ch.1
A company’s network engineer builds and tests network designs for VPCs in a development account. The company needs to monitor the changes that are made to network resources and must ensure strict compliance with network security policies. The company also needs access to the historical configurations of network resources. Which solution will meet these requirements?
- A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with a custom pattern to monitor the account for changes. Configure the rule to invoke an AWS Lambda function to identify noncompliant resources. Update an Amazon DynamoDB table with the changes that are identified.
- B. Create custom metrics from Amazon CloudWatch logs. Use the metrics to invoke an AWS Lambda function to identify noncompliant resources. Update an Amazon DynamoDB table with the changes that are identified.
- C. Record the current state of network resources by using AWS Config. Create rules that reflect the desired configuration settings. Set remediation for noncompliant resources. ✓
- D. Record the current state of network resources by using AWS Systems Manager Inventory. Use Systems Manager State Manager to enforce the desired configuration settings and to carry out remediation for noncompliant resources.
Correct Answer: C. Record the current state of network resources by using AWS Config. Create rules that reflect the desired configuration settings. Set remediation for noncompliant resources.
Explanation
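AWS Config (option C) is the AWS service for assessing, auditing, and ensuring that AWS resources conform to security, compliance, and operational best practices. It lets users record the current state of resources, define the desired configuration of resources, and automatically remediate resources that do not comply with the rules. For the requirements to monitor changes to network resources, ensure strict compliance with network security policies, and access historical configurations, AWS Config provides a comprehensive solution. By contrast, Amazon EventBridge (Amazon CloudWatch Events) is mainly used for event routing, Amazon CloudWatch for monitoring and alerting, AWS Lambda for serverless compute, and Amazon DynamoDB as a NoSQL database service; their individual functions do not directly satisfy all of the requirements in the question. AWS Systems Manager Inventory and State Manager (part of option D) also involve resource management and configuration, but AWS Config provides a more direct and comprehensive solution for the needs described in the question. Therefore, the answer is C.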