Topic 1 Question 182
(Choose two.) A company has secured the AWS account root user for its AWS account by following AWS best practices. The company also has enabled AWS CloudTrail, which is sending its logs to Amazon S3. A security engineer wants to receive notification in near-real time if a user uses the AWS account root user credentials to sign in to the AWS Management Console.
Which solutions will provide this notification?
A. Use AWS Trusted Advisor and its security evaluations for the root account. Configure an Amazon EventBridge event rule that is invoked by the Trusted Advisor API. Configure the rule to target an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe any required endpoints to the SNS topic so that these endpoints can receive notification.
B. Use AWS IAM Access Analyzer. Create an Amazon CloudWatch Logs metric filter to evaluate log entries from Access Analyzer that detect a successful root account login. Create an Amazon CloudWatch alarm that monitors whether a root login has occurred. Configure the CloudWatch alarm to notify an Amazon Simple Notification Service (Amazon SNS) topic when the alarm enters the ALARM state. Subscribe any required endpoints to this SNS topic so that these endpoints can receive notification.
C. Configure AWS CloudTrail to send its logs to Amazon CloudWatch Logs. Configure a metric filter on the CloudWatch Logs log group used by CloudTrail to evaluate log entries for successful root account logins. Create an Amazon CloudWatch alarm that monitors whether a root login has occurred. Configure the CloudWatch alarm to notify an Amazon Simple Notification Service (Amazon SNS) topic when the alarm enters the ALARM state. Subscribe any required endpoints to this SNS topic so that these endpoints can receive notification.
D. Configure AWS CloudTrail to send log notifications to an Amazon Simple Notification Service (Amazon SNS) topic. Create an AWS Lambda function that parses the CloudTrail notification for root login activity and notifies a separate SNS topic that contains the endpoints that should receive notification. Subscribe the Lambda function to the SNS topic that is receiving log notifications from CloudTrail.
E. Configure an Amazon EventBridge event rule that runs when Amazon CloudWatch API calls are recorded for a successful root login. Configure the rule to target an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe any required endpoints to the SNS topic so that these endpoints can receive notification.
Comments (5)
I think CE should be the answer
👍 2 | mikelord | 2024/10/03 | Selected answer: CE
The correct answers are C and E
- Option C is correct because using CloudTrail with CloudWatch Logs and setting up a metric filter and alarm will detect and alert for root login events effectively.
- E is also correct as EventBridge can capture specific root login events through CloudTrail and trigger an SNS notification, providing near-real-time alerts.
Why Other Options Are Incorrect:
- A is incorrect because AWS Trusted Advisor does not provide real-time alerts specifically for root login events; it is more of a best practice and configuration monitoring tool.
- B is incorrect because IAM Access Analyzer does not monitor root login events. It's primarily for access policy analysis.
- D is incorrect because CloudTrail alone does not provide log notifications to SNS without additional steps like CloudWatch Logs and Lambda integration.
👍 2 | gjurro | 2024/10/24 | Selected answer: CE
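To make the two accepted answers concrete, here is an added example (not part of the original thread or of any AWS-provided code) showing the detection logic that options C and E rely on. It holds the CloudWatch Logs metric filter pattern for a successful root console sign-in (option C) and the equivalent EventBridge event pattern (option E), and runs the same three-field check over constructed CloudTrail records so you can see which ones would fire the alarm or the rule. The sample records, account ID and user name are constructed for the example; the `matches_event_pattern` function is a deliberately minimal re-implementation of EventBridge's matching rules (exact values and "one of" lists only), not the service itself.

```python
"""Root console sign-in detection, mirroring a CloudWatch Logs metric filter (option C)
and an EventBridge rule (option E) applied to CloudTrail records."""
import json

# Option C: metric filter pattern for the CloudWatch Logs log group CloudTrail delivers to.
# Every matching record increments the custom metric that the CloudWatch alarm watches.
METRIC_FILTER_PATTERN = (
    '{ ($.eventName = "ConsoleLogin") && ($.userIdentity.type = "Root") '
    '&& ($.responseElements.ConsoleLogin = "Success") }'
)

# Option E: EventBridge event pattern. Console sign-ins recorded by CloudTrail arrive
# with detail-type "AWS Console Sign In via CloudTrail"; "detail" is the CloudTrail record.
EVENT_PATTERN = {
    "detail-type": ["AWS Console Sign In via CloudTrail"],
    "detail": {
        "userIdentity": {"type": ["Root"]},
        "responseElements": {"ConsoleLogin": ["Success"]},
    },
}


def is_root_console_login(record: dict) -> bool:
    """True when a CloudTrail record is a successful root console sign-in.
    Same three conditions as METRIC_FILTER_PATTERN; tolerates null sub-objects."""
    identity = record.get("userIdentity") or {}
    response = record.get("responseElements") or {}
    return (
        record.get("eventName") == "ConsoleLogin"
        and identity.get("type") == "Root"
        and response.get("ConsoleLogin") == "Success"
    )


def matches_event_pattern(event: dict, pattern: dict = EVENT_PATTERN) -> bool:
    """Minimal EventBridge-style matcher (assumption: exact-value lists and nested
    objects only). Every key in `pattern` must be present in `event`; a list means
    "the value is one of these"; a dict recurses into the nested object."""
    for key, want in pattern.items():
        if key not in event:
            return False
        have = event[key]
        if isinstance(want, dict):
            if not isinstance(have, dict) or not matches_event_pattern(have, want):
                return False
        elif have not in want:
            return False
    return True


def scan_log_lines(lines):
    """Apply the option-C check to CloudTrail JSON log lines; return matching records."""
    hits = []
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # a metric filter simply does not match non-JSON lines
        if is_root_console_login(record):
            hits.append(record)
    return hits


def eventbridge_envelope(record: dict) -> dict:
    """Wrap a sign-in record the way EventBridge would deliver it (constructed shape)."""
    return {"version": "0", "source": "aws.signin",
            "detail-type": "AWS Console Sign In via CloudTrail", "detail": record}


# Constructed sample log lines (not real CloudTrail data): a successful root sign-in,
# a failed root sign-in, an IAM user sign-in, and a non-JSON line.
SAMPLE_LOG_LINES = [
    json.dumps({"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
                "eventType": "AwsConsoleSignIn",
                "userIdentity": {"type": "Root", "accountId": "111111111111"},
                "responseElements": {"ConsoleLogin": "Success"}}),
    json.dumps({"eventName": "ConsoleLogin",
                "userIdentity": {"type": "Root", "accountId": "111111111111"},
                "responseElements": {"ConsoleLogin": "Failure"},
                "errorMessage": "Failed authentication"}),
    json.dumps({"eventName": "ConsoleLogin",
                "userIdentity": {"type": "IAMUser", "userName": "alice"},
                "responseElements": {"ConsoleLogin": "Success"}}),
    "not a json record",
]

if __name__ == "__main__":
    for record in scan_log_lines(SAMPLE_LOG_LINES):
        print("metric filter hit:", record["userIdentity"])
    for line in SAMPLE_LOG_LINES[:3]:
        env = eventbridge_envelope(json.loads(line))
        print("event rule match:", matches_event_pattern(env), env["detail"]["userIdentity"])
```

Only the first sample record satisfies either mechanism; the failed root attempt and the IAM user sign-in do not. For option E, keep in mind that console sign-in events through the global sign-in endpoint are recorded as global service events, so the EventBridge rule is typically placed in US East (N. Virginia) to see them; for option C, the alarm should use a short period with a threshold of 1 so a single record raises the ALARM state.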
NOT D!!! C & E are the correct options.
CloudTrail to SNS with Lambda function: While this option can work, it involves more complexity than necessary (Lambda to parse and notify SNS). Options C and E are more direct and cost-effective for near-real-time notifications.
👍 2 | mzeynalli | 2024/11/13