Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Security – Specialty Practice Exam question – looking for clarification

  • Practice Exam question – looking for clarification

  • john-buckley

    February 20, 2023 at 6:47 pm

    Hi, Had a question on one of the Security Specialty practice exam questions. Its in the section based area on Logging and Monitoring.

    The question was number 15 in the test that I took, although I suspect the order is changed on each attempt. It relates to the use of AWS Config to test for VPCs that do not have flow logs enabled.

    The correct answer (per TD) is to create a Config rule to check whether VPC flow logs are enabled. Then if they arent, have Config trigger a lambda to enable the VPC flow logs. However it looks like there is a remediation option in Config that will enable the VPC flow logs without the need for a Lambda. This was the answer I selected.

    Can you advise which is correct please? Region is us-east-1.

  • Carlo-TutorialsDojo

    February 22, 2023 at 2:10 am

    Hello John,

    Thanks for your feedback.

    I think the ff question is the one you’re referring to.

    You are managing your development AWS Account where several teams are using it to test their applications. All VPCs created on the account should have VPC Flow Logs enabled and the logs must be sent to a central S3 bucket for audit purposes. Since several teams created their own VPCs for testing, it is difficult for you to track all VPCs and enable VPC Flow Logs. The solution should easily detect the noncompliant resources and automatically enable the VPC Flow Logs.
    Which of the following action will help you ensure that VPC Flow Logs are enabled on all VPCs on your AWS account?

    In the question, there was no mention of a remediation action but rather a Config rule that supposedly will take corrective action, which is incorrect, because Config rules just evaluate. There are different ways of implementing a remediation action. The correct answer is just one of them. The one that you showed is another way, and it uses SSM documents to run the action. I understand how the option you selected may have been presented confusingly. To address this, we will be updating the wording of the question to make it clearer and more straightforward.

    Thank you for bringing this to our attention.


    Carlo @ Tutorials Dojo

  • john-buckley

    March 10, 2023 at 1:11 am

    Thanks Carlos for the clarification!

Viewing 1 - 3 of 3 replies

Log in to reply.

Original Post
0 of 0 posts June 2018