Topic 1 Question 126
A highly regulated company has a policy that DevOps engineers should not log in to their Amazon EC2 instances except in emergencies. If a DevOps engineer does log in, the security team must be notified within 15 minutes of the occurrence.
Which solution will meet these requirements?
A. Install the Amazon Inspector agent on each EC2 instance. Subscribe to Amazon EventBridge notifications. Invoke an AWS Lambda function to check if a message is about user logins. If it is, send a notification to the security team using Amazon SNS.
B. Install the Amazon CloudWatch agent on each EC2 instance. Configure the agent to push all logs to Amazon CloudWatch Logs and set up a CloudWatch metric filter that searches for user logins. If a login is found, send a notification to the security team using Amazon SNS.
C. Set up AWS CloudTrail with Amazon CloudWatch Logs. Subscribe CloudWatch Logs to Amazon Kinesis. Attach AWS Lambda to Kinesis to parse and determine if a log contains a user login. If it does, send a notification to the security team using Amazon SNS.
D. Set up a script on each Amazon EC2 instance to push all logs to Amazon S3. Set up an S3 event to invoke an AWS Lambda function, which invokes an Amazon Athena query to run. The Athena query checks for logins and sends the output to the security team using Amazon SNS.
Comments (4)
- Selected answer: B
Subtle difference: CloudTrail is "near" real-time. You can use subscriptions to get access to a real-time feed of log events from CloudWatch Logs and have it delivered to other services such as an Amazon Kinesis stream, an Amazon Kinesis Data Firehose stream, or AWS Lambda for custom processing, analysis, or loading to other systems.
👍 2 Mail1964 2023/05/23
I think it's C. Both B & C solutions are valid and can meet the requirement of notifying the security team within 15 minutes of a DevOps engineer logging into an EC2 instance.
However, there are some differences in how quickly each solution can detect and notify the security team of a login event.
The CloudTrail-based solution can detect a login event more quickly than the CloudWatch-based solution because CloudTrail captures API events in near-real-time, while CloudWatch logs may have a delay of a few minutes before they appear in the log group. Therefore, the CloudTrail-based solution is more likely to meet the 15-minute notification requirement.
👍 12pk 2023/05/13
B is the right answer.
👍 1 devnv 2023/05/15
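Option B expressed as a deployable configuration, added here as an illustration and not taken from the page or the exam vendor: a CloudFormation template with the metric filter and the alarm that notifies the SNS topic. The log group name, the metric namespace and the pre-existing SNS topic ARN are assumptions, and the CloudWatch agent on each instance is assumed to already ship /var/log/secure (or /var/log/auth.log) to that log group.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Notify the security team on any interactive SSH login to an EC2 fleet (option B pattern)

Parameters:
  SecurityTeamTopicArn:
    Type: String
    Description: ARN of an existing SNS topic the security team subscribes to (assumed to exist)
  SshLogGroupName:
    Type: String
    Default: /ec2/auth   # assumed name; the CloudWatch agent's collect_list must ship sshd logs here

Resources:
  # Count every successful sshd authentication line, e.g. (constructed sample)
  #   sshd[1234]: Accepted publickey for ec2-user from 203.0.113.10 port 52144 ssh2
  # Terms prefixed with '?' are OR-ed, so key-, password- and PAM-based logins all count.
  SshLoginMetricFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref SshLogGroupName
      FilterPattern: '?"Accepted publickey" ?"Accepted password" ?"Accepted keyboard-interactive"'
      MetricTransformations:
        - MetricNamespace: Security/EC2   # assumed namespace
          MetricName: SshLoginCount
          MetricValue: "1"
          DefaultValue: 0                  # emit 0 for periods with log events but no login

  # A 60-second period with one evaluation fires within roughly a minute of the login,
  # well inside the 15-minute window the policy requires.
  SshLoginAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: ec2-interactive-ssh-login
      AlarmDescription: A user logged in to an EC2 instance (policy allows this only in emergencies)
      Namespace: Security/EC2
      MetricName: SshLoginCount
      Statistic: Sum
      Period: 60
      EvaluationPeriods: 1
      Threshold: 1
      ComparisonOperator: GreaterThanOrEqualToThreshold
      TreatMissingData: notBreaching       # no log traffic at all means no login, so stay OK
      AlarmActions:
        - !Ref SecurityTeamTopicArn
```

The alarm only fires if the agent actually delivers the sshd log file; verify the log group receives events from every instance before relying on it for the 15-minute SLA.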