Topic 1 Question 82
A company hosts its web applications in the AWS Cloud. The company configures Elastic Load Balancers to use certificates that are imported into AWS Certificate Manager (ACM). The company's security team must be notified 30 days before the expiration of each certificate. What should a solutions architect recommend to meet this requirement?
A. Add a rule in ACM to publish a custom message to an Amazon Simple Notification Service (Amazon SNS) topic every day, beginning 30 days before any certificate will expire.
B. Create an AWS Config rule that checks for certificates that will expire within 30 days. Configure Amazon EventBridge (Amazon CloudWatch Events) to invoke a custom alert by way of Amazon Simple Notification Service (Amazon SNS) when AWS Config reports a noncompliant resource.
C. Use AWS Trusted Advisor to check for certificates that will expire within 30 days. Create an Amazon CloudWatch alarm that is based on Trusted Advisor metrics for check status changes. Configure the alarm to send a custom alert by way of Amazon Simple Notification Service (Amazon SNS).
D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to detect any certificates that will expire within 30 days. Configure the rule to invoke an AWS Lambda function. Configure the Lambda function to send a custom alert by way of Amazon Simple Notification Service (Amazon SNS).
Comments (17)
B AWS Config has a managed rule named acm-certificate-expiration-check to check for expiring certificates (configurable number of days)
👍 34 LeGloupier 2022/10/17
- Selected answer: B
👍 9 ManoAni 2022/10/27
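The wiring described in option B and in the comment above (the `acm-certificate-expiration-check` managed rule, an EventBridge rule on its compliance changes, and an SNS topic), sketched as a CloudFormation template. This is an added example, not part of the original question or comments; the logical resource names and the target `Id` are hypothetical, and it assumes the AWS Config recorder is already enabled in the account and Region.

```yaml
# Added example: resource names are hypothetical placeholders.
# Assumes AWS Config recording is already turned on in this account/Region.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  CertExpiryTopic:
    Type: AWS::SNS::Topic            # security team subscribes to this topic

  CertExpiryTopicPolicy:
    Type: AWS::SNS::TopicPolicy      # lets EventBridge publish to the topic
    Properties:
      Topics: [!Ref CertExpiryTopic]
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: events.amazonaws.com }
            Action: sns:Publish
            Resource: !Ref CertExpiryTopic

  CertExpiryRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: acm-certificate-expiration-check
      Source:
        Owner: AWS                   # AWS managed rule, no custom Lambda
        SourceIdentifier: ACM_CERTIFICATE_EXPIRATION_CHECK
      InputParameters:
        daysToExpiration: "30"       # the 30-day window from the question
      Scope:
        ComplianceResourceTypes: ["AWS::ACM::Certificate"]

  CertExpiryEvent:
    Type: AWS::Events::Rule
    Properties:
      EventPattern:
        source: ["aws.config"]
        detail-type: ["Config Rules Compliance Change"]
        detail:
          configRuleName: [!Ref CertExpiryRule]   # Ref returns the rule name
          newEvaluationResult:
            complianceType: ["NON_COMPLIANT"]     # fire only on expiring certs
      Targets:
        - Arn: !Ref CertExpiryTopic               # Ref returns the topic ARN
          Id: notify-security-team
```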
- Selected answer: D
Option D is the best solution because it recommends using Amazon EventBridge to detect any certificates that will expire within 30 days. Amazon EventBridge provides a simple and scalable way to capture and route events from AWS services and third-party SaaS applications. In this case, an Amazon CloudWatch Events rule can be created to capture certificate expiration events, which will then trigger an AWS Lambda function. The Lambda function can be configured to send a custom alert through Amazon SNS to the security team. This solution is efficient, scalable, and addresses the requirement of notifying the security team 30 days before the certificate expiration.
👍 2 gx2222 2023/04/03