A company needs to ensure that flow logs remain configured for all existing and new VPCs in its AWS account. The company uses an AWS CloudFormation stack to manage its VPCs. The company needs a solution that will work for any VPCs that any IAM user creates. Which solution will meet these requirements?

Topic #: - All AWS Certified DevOps Engineer - Professional DOP-C02 Questions

A. Add the AWS::EC2::FlowLog resource to the CloudFormation stack that creates the VPCs.
B. Create an organization in AWS Organizations. Add the company’s AWS account to the organization. Create an SCP to prevent users from modifying VPC flow logs.
C. Turn on AWS Config. Create an AWS Config rule to check whether VPC flow logs are turned on. Configure automatic remediation to turn on VPC flow logs.
D. Create an IAM policy to deny the use of API calls for VPC flow logs. Attach the IAM policy to all IAM users.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion