Q114. A company has a requirement that only allows specially hardened AMIs to be launched into public subnets in a VPC and for the AMIs to be associated with a specific security group. Allowing non-compliant instances to launch

欢迎免费使用小程序搜题/刷题/查看解析,提升学历,成考自考报名,论文代写、论文查重请加客服微信skr-web


Q114. A company has a requirement that only allows specially hardened AMIs to be launched into public subnets in a VPC and for the AMIs to be associated with a specific security group. Allowing non-compliant instances to launch into the public subnet could present a significant security risk if they are allowed to
Operate. A mapping of approved AMIs to subnets to security groups exists in an Amazon DynamoDB table in the same AWS account. The company created an AWS Lambda function that when invoked will terminate a given Amazon EC2 instance if the combination of AMI subnet and security group are not approved in the DynamoDB table.What should the Solutions Architect do to MOST quickly mitigate the risk of compliance deviations?

A.Create an Amazon CloudWatch Events rule that matches each time an EC2 instance is launched using one of the allowed AMIs and associate it with the Lambda function as the target.
B.For the Amazon S3 bucket receiving the Aws CloudTrail logs create an S3 event notification configuration with a filter to match when logs contain the ec2:RunInstances action and associate it with the Lambda function as the target.
C.Enable AWS CloudTrail and configure it to stream to an Amazon CloudWatch Logs group.Create a metric filter in CloudWatch to match when the ec2:RunInstances action occurs and trigger the Lambda function when the metric is greater than 0.
D.Create an Amazon CloudWatch Events rule that matches each time an EC2 instance is launched and associate it with the Lambda function as the target.
正确答案D
访客
邮箱
网址

通用的占位符缩略图

人工智能机器人,扫码免费帮你完成工作


  • 自动写文案
  • 自动写小说
  • 马上扫码让Ai帮你完成工作
通用的占位符缩略图

人工智能机器人,扫码免费帮你完成工作

  • 自动写论文
  • 自动写软件
  • 我不是人,但是我比人更聪明,我是强大的Ai
Top