I have been doing practice test exam and need help with this question
Irene-TutorialsDojo updated 6 days, 21 hours ago 2 Members · 2 Posts
Category: DOP – Monitoring and Logging
A multinational company has assigned its security operations team the task of monitoring all actions and API calls across multiple AWS accounts, which are consolidated under a single AWS Organizations setup. The company requires that AWS CloudTrail records all API calls across the organization. To ensure continuous monitoring, users in any account must be prevented from disabling or deleting the CloudTrail configuration. Additionally, the security team needs to identify and address insecure web traffic configurations while maintaining a secure and comprehensive audit trail for compliance and security purposes.
The right answer is marked as:
“Implement a Service Control Policy (SCP) to deny the actions cloudtrail:StopLogging, cloudtrail:DeleteTrail, and related operations for all users across all Organizational Units (OUs).”
However, this answer ignores this => the security team needs to identify and address insecure web traffic configurations while maintaining a secure and comprehensive audit trail for compliance and security purposes
Hi Nauman Jamil Qazi,
Thank you for reaching out.
You are correct in pointing out that the answer does not fully address identifying and addressing insecure web traffic configurations. The answer only focuses on preventing the disabling of CloudTrail via the Service Control Policy (SCP), but it misses the requirement to monitor and secure web traffic configurations.
To fully meet the requirements, the solution should also include monitoring insecure web traffic configurations, which can be done using AWS Config combined with CloudTrail. AWS Config can track and manage resource configurations, helping detect insecure settings like open ports or misconfigured security groups.
We’ve updated the question to reflect this correction and will be updating the portal shortly.
Thank you for your feedback, and we appreciate your understanding!
Best,
Irene @ Tutorials Dojo
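An added example, not part of the original thread and not Tutorials Dojo's material: a small Python check that an SCP document unconditionally denies the CloudTrail tampering actions discussed above. The SCP JSON is constructed for illustration, and treating cloudtrail:UpdateTrail and cloudtrail:PutEventSelectors as the "related operations" is an assumption.

```python
import json
import re

# Constructed SCP for illustration. StopLogging and DeleteTrail come from the
# thread; UpdateTrail and PutEventSelectors are assumed "related operations".
SCP = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "Action": [
      "cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
      "cloudtrail:UpdateTrail", "cloudtrail:PutEventSelectors"
    ],
    "Resource": "*"
  }]
}
""")

# Actions the SCP is expected to block (same assumption as above).
TAMPER_ACTIONS = ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
                  "cloudtrail:UpdateTrail", "cloudtrail:PutEventSelectors"]

def as_list(value):
    return value if isinstance(value, list) else [value]

def action_matches(pattern, action):
    # IAM action names are case-insensitive; * and ? are the only wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def uncovered_actions(policy, actions=TAMPER_ACTIONS):
    """Return the actions that no unconditional, all-resource Deny covers."""
    missing = []
    for action in actions:
        covered = any(
            st.get("Effect") == "Deny"
            and "Condition" not in st          # a condition narrows the deny
            and "*" in as_list(st.get("Resource", []))
            and any(action_matches(p, action) for p in as_list(st.get("Action", [])))
            for st in as_list(policy.get("Statement", []))
        )
        if not covered:
            missing.append(action)
    return missing

if __name__ == "__main__":
    print("uncovered:", uncovered_actions(SCP))
```

A Deny that carries a Condition is reported as uncovered on purpose, so any exemption in the policy gets a manual review.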