AWS Certified Security - Specialty



You have been asked to create an AWS Config rule to detect noncompliant AWS resources related to a specific security policy. Describe the steps you would take to create this rule, including any necessary prerequisites, and provide an example of a security policy that could be enforced by this rule.




Explanation:

The most detailed and comprehensive approach is to use the AWS CLI, which provides greater flexibility and automation in creating and managing the rule. Additionally, enabling AWS Config and defining the rule parameters are necessary prerequisites. The example provided demonstrates a specific security policy that could be enforced by this rule, such as requiring all EC2 instances to have disk encryption enabled.