Answer-first summary for fast verification
Answer: Enable AWS Config rules and configure automatic remediation using AWS Systems Manager documents.
The correct answer is B. AWS Config allows you to enforce compliance by using Config rules and automates the remediation of noncompliant resources via AWS Systems Manager Automation documents. This ensures that all S3 buckets conform to the company's security requirements, such as enabling encryption, logging, and versioning, and preventing public read or write access.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A company utilizes Amazon S3 for storing proprietary data, with the development team routinely creating new S3 buckets for various projects. The security team mandates that all S3 buckets, both current and future, must have encryption, logging, and versioning features enabled. Furthermore, they stipulate that no S3 buckets should be configured for public read or write access. What measures should a DevOps engineer implement to comply with these security requirements?
A
Enable AWS CloudTrail and configure automatic remediation using AWS Lambda.
B
Enable AWS Config rules and configure automatic remediation using AWS Systems Manager documents.
C
Enable AWS Trusted Advisor and configure automatic remediation using Amazon EventBridge.
D
Enable AWS Systems Manager and configure automatic remediation using Systems Manager documents.
No comments yet.