Q25 — AWS DOP-C02 Ch.1


A DevOps engineer wants to implement an automated response when AWS Trusted Advisor detects IAM access keys in public source code repositories. The automated response should delete exposed access keys and notify the security team.

Correct Answer: D. Create an AWS Lambda function to delete IAM access keys. Create an Amazon EventBridge (Amazon CloudWatch Events) rule using the 'aws.trustedadvisor' event source and the 'Exposed Access Keys' status. Configure the EventBridge (CloudWatch Events) rule to invoke the Lambda function and publish to an Amazon SNS topic for notifying the security team.

Explanation

AWS Trusted Advisor can detect IAM access keys in public source code repositories, and its findings are emitted as events that can trigger automated responses. To meet the DevOps engineer's requirement of automatically deleting exposed access keys and notifying the security team, the solution must react to the Trusted Advisor detection event itself. Option D does this correctly: an Amazon EventBridge rule captures the Trusted Advisor event and routes it to both a Lambda function (remediation) and an SNS topic (notification), giving a single, native, serverless workflow. The other options misapply CloudTrail, AWS Config, or the Personal Health Dashboard, none of which natively emit Trusted Advisor findings as actionable events.