Q24 — AWS DOP-C02 Ch.3


The security team relies on AWS CloudTrail to detect sensitive security issues in the company’s AWS accounts. A DevOps engineer needs a solution to automatically remediate CloudTrail being disabled in AWS accounts. Which solution ensures the shortest possible downtime for CloudTrail log delivery?

Correct Answer: A. Create an Amazon EventBridge rule for the CloudTrail StopLogging event. Create an AWS Lambda function that uses the AWS SDK to call StartLogging on the ARN of the resource where StopLogging was invoked. Add the Lambda function ARN as the target of the EventBridge rule.

Explanation

To minimize CloudTrail downtime, remediation must be near real-time. EventBridge detects the CloudTrail StopLogging API call as soon as the event is delivered and invokes the Lambda function immediately, so logging is re-enabled within seconds. Option A uses this direct, event-driven approach. Option B introduces a delay of up to 1 hour because AWS Config evaluates the rule periodically. Option C adds up to 5 minutes of latency. Option D introduces infrastructure overhead, inefficient polling, and potential delays, which violates the 'shortest downtime' requirement.