Q1 — AWS DOP-C02 Ch.3


A company grants limited access to airline loyalty programs to its employees. DevOps engineers need the ability to assume administrator roles. To track this, the security team wants to receive near-real-time notifications when an administrator role is assumed.

Correct Answer: D. Develop an AWS Lambda function triggered by an AWS CloudTrail event pattern that publishes a message to an Amazon SNS topic when an administrator role is assumed.

Explanation

The correct solution must provide near-real-time, automated notification whenever an administrator role is assumed. Option D uses AWS CloudTrail to record the IAM role-assumption API events (e.g., AssumeRole), routes matching events through Amazon EventBridge using an event pattern, and triggers an AWS Lambda function that publishes to an Amazon SNS topic, which fully satisfies the event-driven, low-latency requirement. AWS documentation explicitly recommends this CloudTrail + EventBridge + Lambda pattern for real-time security monitoring.

Option A introduces latency (CloudTrail log delivery to S3 followed by Athena querying) and is not event-driven. Option B incorrectly relies on Amazon GuardDuty, a service that detects threats but does not monitor role assumptions. Option C misuses the console sign-in event pattern, which covers only console logins, not programmatic role assumptions made through the API.