Topic 1 Question 9
A company uses AWS Key Management Service (AWS KMS) keys and manual key rotation to meet regulatory compliance requirements. The security team wants to be notified when any keys have not been rotated after 90 days. Which solution will accomplish this?
Configure AWS KMS to publish to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old.
Configure an Amazon EventBridge event to launch an AWS Lambda function to call the AWS Trusted Advisor API and publish to an Amazon Simple Notification Service (Amazon SNS) topic.
Develop an AWS Config custom rule that publishes to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old.
Configure AWS Security Hub to publish to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old.
ユーザの投票
コメント(6)
Tell me Why not D..
👍 1lqpO_Oqpl2023/04/04- 正解だと思う選択肢: C
C for me. A there no such functionality, B i checked trusted advisor there is no such kms days, d is aggregator for config, guardduty. So you need config for D
👍 1Dimidrol2023/04/05 - 正解だと思う選択肢: C
Looks like C, actually there is a managed rule for this: https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html anyway trusted advisor cannot be used as there is no such check, also KMS does not have this action, security hub is not conducting any active checks just react to events
👍 1asfsdfsdf2023/04/06
シャッフルモード