Topic 1 Question 267
A company uses a collaboration application. A security engineer needs to configure automated alerts from AWS Security Hub in the us-west-2 Region for the application. The security engineer wants to receive an alert in a channel in the application every time Security Hub receives a new finding.
The security engineer creates an AWS Lambda function to convert the message to the format that the application requires. The Lambda function also sends the message to the application’s API. The security engineer configures a corresponding Amazon EventBridge rule that specifies the Lambda function as the target.
After the EventBridge rule is implemented, the channel begins to constantly receive alerts from Security Hub. Many of the alerts are Amazon Inspector alerts that do not require any action. The security engineer wants to stop the Amazon Inspector alerts.
Which solution will meet this requirement with the LEAST operational effort?
A. Update the Lambda function code to find pattern matches of events from Amazon Inspector and to suppress the findings.
B. Create a Security Hub custom action that automatically sends findings from all services except Amazon Inspector to the EventBridge event bus.
C. Modify the value of the ProductArn attribute in the event pattern of the EventBridge rule to "anything-but": ["arn:aws:securityhub:us-west-2::product/aws/inspector"].
D. Create an Amazon Simple Notification Service (Amazon SNS) topic to send messages to the application. Set a filter policy on the topic subscriptions to reject any messages that contain the product/aws/inspector string.
User votes
Comments (1)
- Option believed to be correct: C
Filters the Amazon Inspector events directly in the EventBridge rule, without the need to change the Lambda function code or create new resources. It reduces operational effort and ensures that only relevant events are sent to the alert channel.
👍 1 kairosfc 2025/02/20
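The event-pattern filter discussed above, written out in full and checked against sample events; this is an added example, not part of the original question or comment. The `matches` function is a simplified local stand-in for EventBridge pattern matching (an assumption, covering only exact values, `anything-but`, nesting and arrays), and the sample events, the non-Inspector product ARNs and the titles are constructed.

```python
INSPECTOR_ARN = "arn:aws:securityhub:us-west-2::product/aws/inspector"  # from option C

# Rule pattern: forward imported findings whose ProductArn is not Inspector's.
PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {"ProductArn": [{"anything-but": [INSPECTOR_ARN]}]}},
}

def _leaf_matches(value, conditions):
    """True if one event value satisfies any condition in a pattern list."""
    for cond in conditions:
        if isinstance(cond, dict) and "anything-but" in cond:
            excluded = cond["anything-but"]
            if value not in (excluded if isinstance(excluded, list) else [excluded]):
                return True
        elif value == cond:
            return True
    return False

def matches(event, pattern):
    """Simplified local matcher (assumption: not the EventBridge engine)."""
    for key, sub in pattern.items():
        if key not in event:  # in this matcher a missing field never matches
            return False
        values = event[key] if isinstance(event[key], list) else [event[key]]
        if isinstance(sub, dict):
            if not any(isinstance(v, dict) and matches(v, sub) for v in values):
                return False
        elif not any(_leaf_matches(v, sub) for v in values):
            return False
    return True

def finding_event(product_arn, title):
    """Constructed sample event; real findings carry many more fields."""
    return {"source": "aws.securityhub",
            "detail-type": "Security Hub Findings - Imported",
            "detail": {"findings": [{"ProductArn": product_arn, "Title": title}]}}

# Constructed sample events; titles are made up for illustration.
EVENTS = [
    finding_event(INSPECTOR_ARN, "Package vulnerability"),
    finding_event("arn:aws:securityhub:us-west-2::product/aws/guardduty", "Unusual API call"),
    finding_event("arn:aws:securityhub:us-west-2::product/aws/securityhub", "Control failed"),
]

def forwarded_titles(events=EVENTS):
    return [e["detail"]["findings"][0]["Title"] for e in events if matches(e, PATTERN)]

print(forwarded_titles())
```

The Lambda target is invoked only for events the rule matches, so the Inspector finding is dropped before any function code runs.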