Topic 1 Question 257
A company stores sensitive data in AWS Secrets Manager. A security engineer needs to design a solution to generate a notification email when anomalous GetSecretValue API calls occur. The security engineer has configured an Amazon EventBridge rule for all Secrets Manager events that AWS CloudTrail delivers.
Which solution will meet these requirements?
Configure CloudTrail as the target of the EventBridge rule. Set up an attribute filter on the IncomingBytes attribute and enable anomaly detection. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure a CloudTrail alarm that uses the SNS topic to send the notification.
Configure CloudTrail as the target of the EventBridge rule. Set up an attribute filter on the IncomingBytes attribute and enable anomaly detection. Create an Amazon Simple Queue Service (Amazon SQS) queue. Configure a CloudTrail alarm that uses the SQS queue to send the notification.
Configure Amazon CloudWatch Logs as the target of the EventBridge rule. Set up a metric filter on the IncomingBytes metric and enable anomaly detection. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure a CloudWatch alarm that uses the SNS topic to send the notification.
Configure Amazon CloudWatch Logs as the target of the EventBridge rule. Use CloudWatch Logs Insights query syntax to search for anomalous GetSecretValue API calls. Create an Amazon Simple Queue Service (Amazon SQS) queue. Configure a CloudWatch alarm that uses the SQS queue to send the notification.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: C
C - using built-in anomaly detection in cloudwatch based on the volume of "what is being logged itself" https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Monitoring-CloudWatch-Metrics.html#cwl-metrics https://medium.com/cyberark-engineering/unlocking-the-power-of-amazon-cloudwatch-anomaly-detection-for-secrets-manager-27a7ffd66498
👍 1723993f2024/11/25 - 正解だと思う選択肢: C
C. Configure Amazon CloudWatch Logs as the target of the EventBridge rule. Set up a metric filter on the IncomingBytes metric and enable anomaly detection. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure a CloudWatch alarm that uses the SNS topic to send the notification.
EventBridge Rule and CloudWatch Logs: By configuring CloudWatch Logs as the target of the EventBridge rule, you can capture and store all relevant logs for further analysis.
Metric Filter and Anomaly Detection: Setting up a metric filter on the IncomingBytes metric enables detailed monitoring and anomaly detection for specific API call patterns, such as the GetSecretValue API.
SNS Topic for Notifications: Creating an SNS topic ensures that alerts are sent out immediately when an anomaly is detected. CloudWatch alarms can be configured to trigger notifications via SNS, providing timely alerts to the security team.
👍 1IPLogic2024/12/05 - 正解だと思う選択肢: C
amazing feature, which I had no idea existed.
👍 1TareDHakim2025/01/05
シャッフルモード