Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam DOP-C01 Topic 12 Question 88 Discussion

Actual exam question for Amazon's DOP-C01 exam
Question #: 88
Topic #: 12
[All DOP-C01 Questions]

A company requires its internal business teams to launch resources through pre-approved AWS CloudFormation templates only. The security team requires automated monitoring when resources drift from their expected state.

Which strategy should be used to meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Sylvia at Mar 15, 2024, 05:57 PM

Limited Time Offer

25%

Off

Get Premium DOP-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Cherrie
8 months ago
That's true, Tayna. AWS Config rules could provide additional benefits for monitoring.
upvoted 0 times
...
Tayna
8 months ago
I think option B might also work well. AWS Config rules can be really powerful for monitoring resource drift.
upvoted 0 times
...
Mari
8 months ago
I agree with Cherrie. Option A seems like the most straightforward solution for this scenario.
upvoted 0 times
...
Cherrie
8 months ago
I think option A is the best choice. Using CloudFormation drift detection would be really helpful.
upvoted 0 times
...
Salome
8 months ago
That's true, but I still think option A is more efficient for this scenario.
upvoted 0 times
...
Corazon
8 months ago
But what about option B? Using AWS Config rules could provide more detailed monitoring.
upvoted 0 times
...
Rossana
9 months ago
I agree, option A seems to be the most straightforward way to meet both requirements.
upvoted 0 times
...
Salome
9 months ago
I think option A is the best choice because it allows users to deploy through CloudFormation and uses drift detection.
upvoted 0 times
...
Mee
10 months ago
Ooh, good catch! I'd say the template constraint is probably the way to go, since it allows you to enforce the use of a specific CloudFormation template. That way, you know the resources are being deployed exactly as expected.
upvoted 0 times
...
Valentin
10 months ago
Yeah, those options definitely seem like the way to go. I'm curious about the difference between using a launch constraint versus a template constraint though. Gotta make sure we're picking the right one.
upvoted 0 times
Sherill
9 months ago
A) Allow users to deploy Cloud Formation stacks using a CloudFormation service role only. Use CloudFormation drift detection to detect when resources have drifted from their expected state.
upvoted 0 times
...
Vallie
9 months ago
That makes sense. A template constraint would probably ensure a more standardized deployment across the company.
upvoted 0 times
...
Stephaine
9 months ago
D) Allow users to deploy CloudFormation stacks using AWS Service Catalog only Enforce the use of a template constraint Use Amazon EventBridge (Amazon CloudWatch Events) notifications to detect when resources have drifted from their expected state.
upvoted 0 times
...
Kelvin
9 months ago
I think using a launch constraint would restrict the choice of templates users can pick, while a template constraint would enforce the structure of the selected template.
upvoted 0 times
...
Ressie
10 months ago
C) Allow users to deploy CloudFormation stacks using AWS Service Catalog only Enforce the use of a launch constraint Use AWS Config rules to detect when resources have drifted from their expected state.
upvoted 0 times
...
Chan
10 months ago
B) Allow users to deploy CloudFormation stacks using a CloudFormation service role only. Use AWS Config rules to detect when resources have drifted from their expected state.
upvoted 0 times
...
Delsie
10 months ago
A) Allow users to deploy Cloud Formation stacks using a CloudFormation service role only. Use CloudFormation drift detection to detect when resources have drifted from their expected state.
upvoted 0 times
...
...
Denae
10 months ago
Exactly! And the use of AWS Config rules or Amazon EventBridge notifications to detect drift is a nice touch. Covers all the bases.
upvoted 0 times
...
Nieves
10 months ago
Haha, nice try, but I don't think the security team is going to go for that. They're pretty serious about this stuff, you know? Better to play by the rules and avoid any unwanted surprises down the line.
upvoted 0 times
...

Save Cancel