An organization is implementing a continuous compliance strategy. They need to ensure that all EBS volumes are encrypted, all S3 buckets block public access, SSH is not open to the world, and any non-compliant resources are automatically remediated. Which FOUR AWS services or features are required? (Select FOUR)

Answer options:

Amazon GuardDuty

AWS Config

AWS CloudTrail

AWS Config Rules

AWS WAF

AWS Systems Manager Automation

AWS Secrets Manager

AWS Security Hub

How to approach this question

Identify the AWS continuous compliance and remediation stack.

Full Answer

B,D,F,H

AWS Config records state. Config Rules evaluate compliance. Systems Manager Automation executes remediation. Security Hub aggregates these findings and provides standardized compliance frameworks.

Common mistakes

Selecting GuardDuty for configuration compliance.

Question 35 All questions Question 37

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 2

75 questions · hints · full answers · grading

More questions from this exam

Q01A company is setting up a multi-account AWS environment using AWS Organizations. They need to ens...Easy Q02An enterprise needs to connect its on-premises data center to AWS. They require a dedicated, priv...Easy Q03A company wants to share a single AWS Transit Gateway across multiple AWS accounts within their A...Easy Q04An architect needs to design a highly available database architecture that spans multiple AWS Reg...Easy Q05A global financial institution is migrating its core banking application to AWS. The application ...Medium

View all 75 questions →