Topic 1 Question 117
Choose three.
A company is running an application in the AWS Cloud. The company's security team must approve the creation of all new IAM users. When a new IAM user is created, all access for the user must be removed automatically. The security team must then receive a notification to approve the user. The company has a multi-Region AWS CloudTrail trail in the AWS account.
Which combination of steps will meet these requirements?
A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule. Define a pattern with the detail-type value set to AWS API Call via CloudTrail and an eventName of CreateUser.
B. Configure CloudTrail to send a notification for the CreateUser event to an Amazon Simple Notification Service (Amazon SNS) topic.
C. Invoke a container that runs in Amazon Elastic Container Service (Amazon ECS) with AWS Fargate technology to remove access.
D. Invoke an AWS Step Functions state machine to remove access.
E. Use Amazon Simple Notification Service (Amazon SNS) to notify the security team.
F. Use Amazon Pinpoint to notify the security team.
Comments (8)
- Selected answer: ADE
Event Bus (EventBridge) system to receive event notification (Option A). Step function can get triggered with workflow of doing steps like removing access and sending email etc. (Options D, E)
EventBridge enables you to create event rules that match events from different sources, such as AWS services, SaaS applications, custom applications, and other AWS accounts. Once an event rule is triggered, EventBridge can route the event to one or more targets, such as AWS Lambda functions, Amazon SNS topics, Amazon SQS queues, or custom HTTP endpoints.
AWS Step Functions supports several AWS services, such as AWS Lambda, Amazon Simple Notification Service (SNS), and Amazon Simple Queue Service (SQS). You can use these services to trigger actions and pass data between steps in your state machine.
Pinpoint is a chat system, which the question did not ask for; F is wrong. Not C as
👍 7 God_Is_Love 2023/03/07
- Selected answer: ADE
This is the correct answer because it follows these steps:
A: The first step is to create an EventBridge rule that listens for the specific API call to create a new IAM user. This will trigger the next step in the process.
D: The next step is to use an AWS Step Functions state machine to remove access for the new IAM user. This ensures that access is removed automatically, as required by the security team.
E: Finally, use Amazon SNS to notify the security team that a new user has been created and access has been removed. This allows the security team to review and approve the user as necessary.
Option B is not correct because CloudTrail alone is not able to remove access for the new user.
Option C is not correct because it is not specified in the question that the company is using Amazon Elastic Container Service and AWS Fargate technology.
Option F is not correct because the question specifies that the company should use Amazon SNS to notify the security team, not Amazon Pinpoint.
👍 2 masetromain 2023/01/15
- ADE are correct
👍 1 zhangyu20000 2023/01/15
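
Added example (not part of the original question or any comment): the event pattern from option A, a small matcher for the exact-value subset of EventBridge matching, and extraction of the fields a Step Functions execution (option D) would need before notifying via SNS (option E). The `source` and `eventSource` keys, the function names and all sample event values are assumptions.

```python
# Event pattern from option A. The "source"/"eventSource" keys are an added
# narrowing (assumption); the page names only detail-type and eventName.
CREATE_USER_PATTERN = {
    "source": ["aws.iam"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["iam.amazonaws.com"], "eventName": ["CreateUser"]},
}

def matches(pattern, event):
    """Exact-value subset of EventBridge matching: every pattern key must exist
    in the event; a list means "any of these values"; a dict nests."""
    for key, want in pattern.items():
        if key not in event:
            return False
        have = event[key]
        if isinstance(want, dict):
            if not (isinstance(have, dict) and matches(want, have)):
                return False
        else:
            values = have if isinstance(have, list) else [have]
            if not any(v in want for v in values):
                return False
    return True

def workflow_input(event):
    """Input for the remediation workflow, or None if nothing was created."""
    detail = event["detail"]
    if detail.get("errorCode"):  # failed call (e.g. denied): no user exists
        return None
    return {
        "userName": detail["requestParameters"]["userName"],
        "createdBy": detail["userIdentity"]["arn"],
        "eventTime": detail["eventTime"],
    }

def sample_event(event_name, user_name, error_code=None):
    """Constructed CloudTrail-via-EventBridge event; all values are made up."""
    detail = {
        "eventSource": "iam.amazonaws.com", "eventName": event_name,
        "eventTime": "2023-01-15T10:00:00Z",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
        "requestParameters": {"userName": user_name},
    }
    if error_code:
        detail["errorCode"] = error_code
    return {"source": "aws.iam", "detail-type": "AWS API Call via CloudTrail",
            "region": "us-east-1", "detail": detail}
```

IAM is a global service, so its CloudTrail events reach EventBridge in us-east-1; the rule has to be created in that Region even though the trail is multi-Region.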