Topic 1 Question 254
A company gives its employees limited rights to AWS. DevOps engineers have the ability to assume an administrator role. For tracking purposes, the security team wants to receive a near-real-time notification when the administrator role is assumed.
How should this be accomplished?
Configure AWS Config to publish logs to an Amazon S3 bucket. Use Amazon Athena to query the logs and send a notification to the security team when the administrator role is assumed.
Configure Amazon GuardDuty to monitor when the administrator role is assumed and send a notification to the security team.
Create an Amazon EventBridge event rule using an AWS Management Console sign-in events event pattern that publishes a message to an Amazon SNS topic if the administrator role is assumed.
Create an Amazon EventBridge events rule using an AWS API call that uses an AWS CloudTrail event pattern to invoke an AWS Lambda function that publishes a message to an Amazon SNS topic if the administrator role is assumed.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: D
Vote D. A is not near-real-time solution. B. GuardDuty is designed for threat detection. not for monitoring role assuming. C. while C use the EventBridge, it monitoring console sign-in event only. rather than API call for assuming roles.
👍 4ericphl2024/07/26 - 正解だと思う選択肢: D
Option D provides a robust and effective approach to tracking and alerting on the assumption of the administrator role by leveraging the power of AWS CloudTrail, Amazon EventBridge, AWS Lambda, and Amazon SNS.
Not Option C as Incorrect Event Pattern: This option specifies monitoring AWS Management Console sign-in events, which are unrelated to the AssumeRole API call used when assuming a role programmatically. It wouldn't detect role assumptions made through CLI or SDKs.
👍 4jamesf2024/07/30 - 正解だと思う選択肢: D
---> D
👍 2tgv2024/07/15
シャッフルモード