SCS-C02 Question #33: Real Exam Question with Answer & Explanation

Question

A company has an organization in AWS Organizations. The company wants to use AWS CloudFormation StackSets in the organization to deploy various AWS design patterns into environments. These patterns consist of Amazon EC2 instances, Elastic Load Balancing (ELB) load balancers, Amazon RDS databases, and Amazon Elastic Kubernetes Service (Amazon EKS) clusters or Amazon Elastic Container Service (Amazon ECS) clusters. Currently, the company's developers can create their own CloudFormation stacks to increase the overall speed of delivery. A centralized CI/CD pipeline in a shared services AWS account deploys each CloudFormation stack. The company's security team has already provided requirements for each service in accordance with internal standards. If there are any resources that do not comply with the internal standards, the security team must receive notification to take appropriate action. The security team must implement a notification solution that gives developers the ability to maintain the same overall delivery speed that they currently have. Which solution will meet these requirements in the MOST operationally efficient way?

Options

• ACreate an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security
• BCreate an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security
• CCreate an Amazon Simple Notification Service (Amazon SNS) topic and an Amazon Simple
• DCreate a centralized CloudFormation stack set that includes a standard set of resources that the

Explanation

You can use cfn-guard automatically as part of a CI/CD pipeline to stop deployment of non- compliant resources. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html

No community discussion yet for this question.