A development team uses AWS CloudFormation to manage their infrastructure. They want to implement a CI/CD pipeline that automatically tests CloudFormation templates for security misconfigurations (like open security groups or unencrypted buckets) BEFORE the infrastructure is deployed. Which AWS tool should be integrated into the pipeline?

Answer options:

AWS Config

AWS CloudFormation Guard

AWS Security Hub

AWS Trusted Advisor

How to approach this question

Identify the tool designed for pre-deployment Infrastructure as Code (IaC) scanning.

Full Answer

B.AWS CloudFormation Guard✓ Correct

AWS CloudFormation Guard

AWS CloudFormation Guard is a policy-as-code evaluation tool that allows you to check your CloudFormation templates for compliance and security best practices before deployment, making it ideal for CI/CD integration.

Common mistakes

Choosing AWS Config, which is a post-deployment detective control.

Question 49 All questions Question 51

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 4

75 questions · hints · full answers · grading

More questions from this exam

Q01A global enterprise is redesigning its network architecture across 50 AWS accounts. They require ...Hard Q02A financial services company uses AWS Organizations to manage 100+ accounts. The security team ma...Medium Q03An e-commerce company requires a multi-region active-active architecture for its critical order p...Medium Q04A company is setting up a new AWS environment using AWS Control Tower. They need to ensure that a...Hard Q05An enterprise has 50 AWS accounts under AWS Organizations. They want to implement a chargeback mo...Medium

View all 75 questions →