Q1 — AWS DOP-C02 Ch.3
A company grants limited access to airline loyalty programs to its employees. DevOps engineers need the ability to assume administrator roles. To track this, the security team wants to receive near-real-time notifications when an administrator role is assumed.
- A. Configure AWS Config to publish logs to an Amazon S3 bucket. Use Amazon Athena to query logs and send notifications to the security team when an administrator role is assumed.
- B. Configure Amazon GuardDuty to monitor when administrator roles are assumed and send notifications to the security team.
- C. Create an Amazon EventBridge rule using the AWS Management Console sign-in event pattern to publish a message to an Amazon SNS topic when an administrator role is assumed.
- D. Develop an AWS Lambda function triggered by an AWS CloudTrail event pattern that publishes a message to an Amazon SNS topic when an administrator role is assumed. ✓
Correct Answer: D. Develop an AWS Lambda function triggered by an AWS CloudTrail event pattern that publishes a message to an Amazon SNS topic when an administrator role is assumed.
Explanation
The correct solution must provide near-real-time, automated notification upon role assumption.

Option D uses AWS CloudTrail to capture IAM role assumption API events (e.g., AssumeRole), routes matching events via Amazon EventBridge (using event patterns), and triggers an AWS Lambda function to publish to Amazon SNS, fully satisfying the event-driven, low-latency requirement. AWS documentation explicitly recommends this CloudTrail + EventBridge + Lambda pattern for real-time security monitoring.

Option A introduces latency (S3 log delivery + Athena querying) and is not event-driven.

Option B incorrectly references Amazon GuardDuty, a service that detects threats but does not monitor role assumptions.

Option C misuses the console sign-in event pattern, which only covers console logins, not programmatic role assumptions via APIs.