Q28. A company plans to move regulated and security-sensitive businesses to AWS. The Security team is developing a framework to validate the adoption of AWS best practice and industryrecognized compliance standards. The AWS Management Console is the preferred method for teams to provision resources.
Which strategies should a Solutions Architect use to meet the business requirements and continuously assess audit and monitor the configurations of AWS resources? (Choose two.)
A.Use AWS Config rules to periodically audit changes to AWS resources and monitor the compliance of the configuration. Develop AWS Config custom rules using AWS Lambda to establish a testdriven development approach and further automate the evaluation of configuration changes against the required controls. B.Use Amazon CloudWatch Logs agent to collect all the AWS SDK logs. Search the log data using a pre- defined set of filter patterns that machines mutating API calls. Send notifications using Amazon CloudWatch alarms when unintended changes are performed. Archive log data by using a batch export to Amazon S3 and then Amazon Glacier for a long-term retention and auditability. C.Use AWS CloudTrail events to assess management activities of all AWS accounts. Ensure that CloudTrail is enabled in all accounts and available AWS services. Enable trails encrypt CloudTrail event log files with an AWS KMS key and monitor recorded activities with CloudWatch Logs. D.Use the Amazon CloudWatch Events near-real-time capabilities to monitor system events patterns and trigger AWS Lambda functions to automatically revert non-authorized changes in AWS resources. Also target Amazon SNS topics to enable notifications and improve the response time of incident responses. E.Use CloudTrail integration with Amazon SNS to automatically notify unauthorized API activities. Ensure that CloudTrail is enabled in all accounts and available AWS services.Evaluate the usage of Lambda functions to automatically revert non-authorized changes in AWS resources.正确答案AC
