Q83 — AWS DOP-C02 Ch.2

Question 83 of 100 | ← Chapter 2

A company requires developers to tag Amazon Elastic Block Store (Amazon EBS) volumes in the account to indicate required backup frequency, including volumes that require no backups. The company uses a custom tag named Backup_Frequency with values none, daily, or weekly. An audit found developers inconsistently applying the Backup_Frequency tag to EBS volumes. A DevOps engineer must ensure all EBS volumes always have the Backup_Frequency tag so the company performs backups at least weekly unless a different value is specified.

Correct Answer: B. Enable AWS Config in the account. Use a managed rule that returns a noncompliant result for EC2::Volume resources missing the backup frequency tag. Configure a remediation action using a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with value weekly.

Explanation

AWS Config continuously monitors resource compliance and supports automated remediation. The requirement is to ensure all EBS volumes carry the Backup_Frequency tag. Option B uses an AWS Config managed rule specifically targeting EC2::Volume resources; when the tag is missing, the rule reports noncompliance and triggers Systems Manager Automation to apply the default weekly value. Option A’s custom rule may cover broader EC2 resource types, not exclusively EBS volumes. Options C and D are event-driven and only react to CreateVolume or ModifyVolume API calls, failing to remediate pre-existing untagged volumes or tags manually removed later. AWS managed rules (e.g., required-tags) validate resource tags comprehensively across existing and newly created resources.