SCS-C03 · Question #86
SCS-C03 Question #86: Real Exam Question with Answer & Explanation
The correct answer is D: Use the AWS Config managed rule that assesses the log group retention period. Ensure that. AWS Config provides managed rules that can assess various configurations, including the retention period of CloudWatch Logs log groups. By enabling the appropriate AWS Config managed rule to check if the log groups have a retention period of 90 days, the company can automatically
Question
A company needs to retain data that is stored in Amazon CloudWatch Logs log groups. The company must retain this data for 90 days. The company must receive notification in AWS Security Hub when log group retention is not compliant with this requirement. Which solution will provide the appropriate notification?
Options
- ACreate a Security Hub custom action to assess the log group retention period.
- BCreate a data protection policy in CloudWatch Logs to assess the log group retention period.
- CCreate a Security Hub automation rule. Configure the automation rule to assess the log group
- DUse the AWS Config managed rule that assesses the log group retention period. Ensure that
Explanation
AWS Config provides managed rules that can assess various configurations, including the retention period of CloudWatch Logs log groups. By enabling the appropriate AWS Config managed rule to check if the log groups have a retention period of 90 days, the company can automatically monitor compliance with this requirement. Integrating AWS Config with AWS Security Hub allows non-compliant findings to be sent to Security Hub, providing the necessary notifications when the retention period is not compliant.
Community Discussion
No community discussion yet for this question.