SCS-C02 · Question #114
SCS-C02 Question #114: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #114. The question stem and answer options stay visible for context.
Question
A company needs to improve its ability to identify and prevent IAM policies that grant public access or cross-account access to resources. The company has implemented AWS Organizations and has started using AWS Identity and Access Management Access Analyzer to refine overly broad access to accounts in the organization. A security engineer must automate a response in the company's organization for any newly created policies that are overly permissive. The automation must remediate external access and must notify the company's security team. Which combination of steps should the security engineer take to meet these requirements? (Choose three.)
Options
- ACreate an AWS Step Functions state machine that checks the resource type in the finding and
- BCreate an AWS Batch job that forwards any resource type findings to an AWS Lambda function.
- CIn Amazon EventBridge, create an event rule that matches active IAM Access Analyzer findings
- DIn Amazon CloudWatch, create a metric filter that matches active IAM Access Analyzer findings
- ECreate an Amazon Simple Queue Service (Amazon SQS) queue. Configure the queue to forward
- FCreate an Amazon Simple Notification Service (Amazon SNS) topic for external or cross-account
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.