Q78 — AWS DOP-C02 Ch.2


A security team uses AWS CloudTrail to detect sensitive security issues in the company's AWS account. A DevOps engineer needs a solution to automatically remediate CloudTrail being disabled in the AWS account. Which solution ensures the shortest possible downtime for CloudTrail log delivery?

Correct Answer: A. Create an Amazon EventBridge rule that triggers on CloudTrail StopLogging events. Create an AWS Lambda function that uses the AWS SDK to call StartLogging on the ARN of the resource where logging was stopped. Add the Lambda function ARN as the target of the EventBridge rule.

Explanation

This question tests how to automate continuous CloudTrail log delivery. AWS documentation states that interruptions in CloudTrail logging can impair security monitoring. Option A uses EventBridge to capture the CloudTrail StopLogging event in real time and triggers a Lambda function that immediately calls StartLogging, so the gap in log delivery is as short as the event delivery plus the Lambda invocation. Option B relies on AWS Config evaluations every hour, resulting in higher latency. Option C performs periodic polling and is not event-driven. Option D uses scheduled polling scripts, which are less efficient than event-driven mechanisms. Option A is correct because its event-driven design responds to the StopLogging event as soon as it is recorded, eliminating polling delays.
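The remediation path of answer A, as an added example that is not part of the exam page: the EventBridge rule pattern and the event fields follow the "AWS API Call via CloudTrail" event format, and the trail ARN and account id in the test are constructed. The handler skips StopLogging calls that failed (an `errorCode` is present) since those did not disable logging, and issues StartLogging in the trail's home region parsed from the ARN.

```python
# Added example (not from the exam page): Lambda handler that re-enables a
# CloudTrail trail after an EventBridge-delivered StopLogging event.

STOP_LOGGING_RULE_PATTERN = {  # EventBridge rule pattern for the trigger
    "source": ["aws.cloudtrail"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["cloudtrail.amazonaws.com"],
               "eventName": ["StopLogging"]},
}


def trail_from_event(event):
    """Return the trail (name or ARN) a successful StopLogging call targeted.

    A call that failed (errorCode present) did not disable logging, and any
    other eventName is not this function's concern, so both return None.
    """
    detail = event.get("detail", {})
    if detail.get("eventName") != "StopLogging" or "errorCode" in detail:
        return None
    return detail.get("requestParameters", {}).get("name")


def region_from_arn(trail):
    """arn:aws:cloudtrail:REGION:ACCOUNT:trail/NAME -> REGION; None for names."""
    parts = trail.split(":")
    return parts[3] if trail.startswith("arn:") and len(parts) > 5 else None


def handler(event, context=None, cloudtrail=None):
    """Lambda entry point. `cloudtrail` may be injected (fake client in tests).

    StartLogging must be issued in the trail's home region, so the client is
    created for the region parsed from the ARN when one is present.
    """
    trail = trail_from_event(event)
    if trail is None:
        return {"remediated": False, "trail": None, "region": None}
    region = region_from_arn(trail)
    if cloudtrail is None:
        import boto3  # imported lazily so the module loads without boto3
        cloudtrail = boto3.client("cloudtrail", region_name=region)
    cloudtrail.start_logging(Name=trail)
    return {"remediated": True, "trail": trail, "region": region}
```

Deploy the handler with an execution role limited to `cloudtrail:StartLogging` on the monitored trail, and point the EventBridge rule built from `STOP_LOGGING_RULE_PATTERN` at the function ARN.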