Topic 1 Question 538
A company generates SSL certificates from a third-party provider. The company imports the certificates into AWS Certificate Manager (ACM) to use with public web applications.
A developer must implement a solution to notify the company’s security team 90 days before an imported certificate expires. The company already has configured an Amazon Simple Queue Service (Amazon SQS) queue. The company also has configured an Amazon Simple Notification Service (Amazon SNS) topic that has the security team’s email address as a subscriber.
Which solution will provide the security team with the required notification about certificates?
A. Create an Amazon EventBridge rule that specifies the ACM Certificate Approaching Expiration event type. Set the SNS topic as the EventBridge rule’s target.
B. Create an AWS Lambda function to search for all certificates that are expiring within 90 days. Program the Lambda function to send each identified certificate’s Amazon Resource Name (ARN) in a message to the SQS queue.
C. Create an AWS Step Functions workflow that is invoked by each certificate’s expiration notification from AWS CloudTrail. Create an AWS Lambda function to send each certificate's Amazon Resource Name (ARN) in a message to the SQS queue.
D. Configure AWS Config with the acm-certificate-expiration-check managed rule to run every 24 hours. Create an Amazon EventBridge rule that includes an event pattern that specifies the Config Rules Compliance Change detail type and the configured rule. Set the SNS topic as the EventBridge rule’s target.
Comments (3)
- Selected answer: A
Amazon EventBridge can capture events such as the expiration of SSL certificates imported into AWS Certificate Manager (ACM). The specific event type you are interested in is the ACM Certificate Approaching Expiration event, which is triggered when a certificate in ACM is approaching its expiration date. EventBridge allows you to define rules for such events and trigger actions such as sending a notification to an SNS topic.
👍 2 e886835 2025/02/06
- Selected answer: D
Although Amazon EventBridge can capture certain ACM events, in practice the ACM Certificate Approaching Expiration event is generated only for certificates issued and managed by ACM. Imported certificates, which are those generated by third parties and then imported into ACM, do not generate that event. Therefore, using an EventBridge rule to capture the expiration event would not work for imported certificates, which means option A does not meet the requirement in this case.
👍 2 italiancloud2025 2025/02/17
- Selected answer: D
The correct answer is: D. A. Wrong, because that event is generated only for certificates issued by ACM. Since the company is using imported certificates, that event will never be triggered. B. Inefficient, because it would require the Lambda function to manually scan all certificates periodically. AWS Config already does this automatically. C. Wrong, because AWS CloudTrail does not generate certificate expiration events in ACM.
👍 1 Dadasar 2025/03/04
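The configuration that option D describes, written out as a CloudFormation template. This is an added example, not part of the original question or comments; the logical IDs, the `SecurityTopicArn` parameter and the target `Id` are hypothetical, and it assumes AWS Config is already recording `AWS::ACM::Certificate` resources in the account and Region.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Notify when an ACM certificate is within 90 days of expiry (added example)

Parameters:
  SecurityTopicArn:            # hypothetical parameter: ARN of the existing SNS topic
    Type: String

Resources:
  CertExpirationRule:          # hypothetical logical ID
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: acm-certificate-expiration-check
      Source:
        Owner: AWS
        SourceIdentifier: ACM_CERTIFICATE_EXPIRATION_CHECK
      InputParameters:
        daysToExpiration: 90   # NON_COMPLIANT once expiry is 90 days away or less
      MaximumExecutionFrequency: TwentyFour_Hours
      Scope:
        ComplianceResourceTypes:
          - AWS::ACM::Certificate

  CertExpirationEvents:        # hypothetical logical ID
    Type: AWS::Events::Rule
    Properties:
      State: ENABLED
      EventPattern:
        source:
          - aws.config
        detail-type:
          - Config Rules Compliance Change
        detail:
          configRuleName:
            - !Ref CertExpirationRule      # Ref returns the Config rule name
          newEvaluationResult:
            complianceType:
              - NON_COMPLIANT              # ignore transitions back to COMPLIANT
      Targets:
        - Id: security-team-sns
          Arn: !Ref SecurityTopicArn
```

The SNS topic's access policy must allow `events.amazonaws.com` to call `sns:Publish`; without that statement the rule matches but no email is delivered.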