Q5 — AWS DOP-C02 Ch.2
Question 5 of 100
A highly regulated company has established a policy stating that DevOps engineers must not log in to Amazon EC2 instances unless an emergency occurs. If DevOps engineers do log in, the security team must be notified within 15 minutes of the event.
- A. Install the Amazon Inspector agent on each EC2 instance. Subscribe to Amazon EventBridge notifications. Invoke an AWS Lambda function to check whether the message relates to a user login. If so, send a notification to the security team using Amazon SNS.
- B. Install the Amazon CloudWatch agent on each EC2 instance. Configure the agent to push all logs to Amazon CloudWatch Logs and set up CloudWatch metric filters to search for user login events. If a login is found, send a notification to the security team using Amazon SNS. ✓
- C. Configure AWS CloudTrail with Amazon CloudWatch Logs. Subscribe CloudWatch Logs to Amazon Kinesis. Attach an AWS Lambda function to Kinesis to parse and determine whether logs contain user login events. If so, send a notification to the security team using Amazon SNS.
- D. Set up a script on each Amazon EC2 instance to push all logs to Amazon S3. Configure an S3 event to invoke an AWS Lambda function that runs an Amazon Athena query. The Athena query checks for logins and sends output to the security team using Amazon SNS.
Correct Answer: B. Install the Amazon CloudWatch agent on each EC2 instance. Configure the agent to push all logs to Amazon CloudWatch Logs and set up CloudWatch metric filters to search for user login events. If a login is found, send a notification to the security team using Amazon SNS.