
Explanation:
AWS Config is the correct service to monitor resource configurations. The s3-bucket-logging-enabled managed rule identifies buckets without logging. Using an AWS Systems Manager (SSM) Automation runbook for remediation is more operationally efficient than writing and maintaining a custom Lambda function, as SSM provides pre-built runbooks like AWS-ConfigureS3BucketLogging for common tasks.
Question #19

A CloudOps engineer must ensure that all of a company's current and future Amazon S3 buckets have logging enabled. If an S3 bucket does not have logging enabled, an automated process must enable logging for the S3 bucket.

Which solution will meet these requirements?
A
Use AWS Trusted Advisor to perform a check for S3 buckets that do not have logging enabled. Configure the check to enable logging for S3 buckets that do not have logging enabled.
B
Configure an S3 bucket policy that requires all current and future S3 buckets to have logging enabled.
C
Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses an AWS Lambda function to enable logging.
D
Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses the AWS-ConfigureS3BucketLogging AWS Systems Manager Automation runbook to enable logging.
E
None of the above
F
Not Applicable