Q24 — AWS DOP-C02 Ch.3
Question 24 of 100 | Chapter 3
The security team relies on AWS CloudTrail to detect sensitive security issues in the company’s AWS accounts. A DevOps engineer needs a solution to automatically remediate CloudTrail being disabled in AWS accounts. Which solution ensures the shortest possible downtime for CloudTrail log delivery?
- A. Create an Amazon EventBridge rule for the CloudTrail StopLogging event. Create an AWS Lambda function that uses the AWS SDK to call StartLogging on the ARN of the resource where StopLogging was invoked. Add the Lambda function ARN as the target of the EventBridge rule. ✓
- B. Deploy the AWS-managed CloudTrail-enabled AWS Config rule, configured for a 1-hour periodic evaluation. Create an Amazon EventBridge rule for AWS Config rule compliance changes. Create an AWS Lambda function that uses the AWS SDK to call StartLogging on the ARN of the resource where StopLogging was invoked. Add the Lambda function ARN as the target of the EventBridge rule.
- C. Create an Amazon EventBridge rule for a scheduled event every 5 minutes. Create an AWS Lambda function that uses the AWS SDK to call StartLogging on the CloudTrail trail in the AWS account. Add the Lambda function ARN as the target of the EventBridge rule.
- D. Launch a t2.nano instance that runs a script every 5 minutes using the AWS SDK to query CloudTrail status in the current account. If the CloudTrail trail is disabled, have the script re-enable it.
Correct Answer: A. Create an Amazon EventBridge rule for the CloudTrail StopLogging event. Create an AWS Lambda function that uses the AWS SDK to call StartLogging on the ARN of the resource where StopLogging was invoked. Add the Lambda function ARN as the target of the EventBridge rule.
Explanation
To minimize CloudTrail downtime, remediation must be near real-time. EventBridge natively detects the CloudTrail StopLogging API call instantly and triggers Lambda immediately, achieving sub-second remediation. Option A uses this direct, event-driven approach. Option B introduces up to a 1-hour delay because of AWS Config's periodic evaluation. Option C adds up to 5 minutes of latency. Option D introduces infrastructure overhead, polling inefficiency, and potential delays, violating the "shortest downtime" requirement.
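The event-driven remediation in Option A, written out as an added Python example (not from the page, from AWS, or from any exam vendor): the EventBridge event pattern that matches the StopLogging call, and a Lambda handler that reads the trail from the event's requestParameters and calls StartLogging on it. The sample event, the placeholder account id and the RecordingClient are constructed so the code runs offline; boto3 is only imported inside lambda_handler.

```python
# EventBridge rule pattern: the StopLogging management API call as recorded by CloudTrail.
EVENT_PATTERN = {
    "source": ["aws.cloudtrail"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["cloudtrail.amazonaws.com"], "eventName": ["StopLogging"]},
}

# Constructed sample event (only the fields the handler reads; account id is a placeholder).
SAMPLE_EVENT = {
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventSource": "cloudtrail.amazonaws.com",
        "eventName": "StopLogging",
        "requestParameters": {"name": "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-trail"},
    },
}

def trail_from_event(event):
    """Return the trail StopLogging was invoked on, or None when there is nothing to remediate."""
    detail = event.get("detail") or {}
    if detail.get("eventName") != "StopLogging":
        return None
    # A denied/failed call is still recorded, with errorCode set: logging never actually stopped.
    if detail.get("errorCode"):
        return None
    return (detail.get("requestParameters") or {}).get("name")

def remediate(event, cloudtrail):
    """Call StartLogging on the affected trail; returns the trail re-enabled, or None."""
    trail = trail_from_event(event)
    if trail is None:
        return None
    cloudtrail.start_logging(Name=trail)
    return trail

class RecordingClient:
    """Stand-in for boto3's CloudTrail client so the example runs offline."""
    def __init__(self):
        self.calls = []
    def start_logging(self, **kwargs):
        self.calls.append(kwargs)

def lambda_handler(event, context):
    """Entry point when deployed as the EventBridge rule target."""
    import boto3  # present in the Lambda runtime; imported here so the rest runs without it
    return {"restarted": remediate(event, boto3.client("cloudtrail"))}
```

The deployed Lambda role needs only cloudtrail:StartLogging on the trail ARN, and a failed StopLogging (for example one denied by an SCP) is deliberately ignored so the function never calls StartLogging on a trail that was never stopped.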