Q65 — AWS SAA-C03 Chapter 3
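Q195. A company wants to manage Amazon Machine Images (AMIs). The company currently copies AMIs to the same AWS Region where the AMIs were created. The company needs to design an application that captures AWS API calls and sends alerts whenever the Amazon EC2 CreateImage API operation is called within the company's account. Which solution will meet these requirements with the LEAST operational overhead?
- A. Create an AWS Lambda function to query AWS CloudTrail logs and to send an alert when a CreateImage API call is detected.
- B. Configure AWS CloudTrail with an Amazon Simple Notification Service (Amazon SNS) notification that occurs when updated logs are sent to Amazon S3. Use Amazon Athena to create a new table and to query on CreateImage when an API call is detected.
- C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for the CreateImage API call. Configure the target as an Amazon Simple Notification Service (Amazon SNS) topic to send an alert when a CreateImage API call is detected. ✓
- D. Configure an Amazon Simple Queue Service (Amazon SQS) FIFO queue as a target for AWS CloudTrail logs. Create an AWS Lambda function to send an alert to an Amazon Simple Notification Service (Amazon SNS) topic when a CreateImage API call is detected.
Correct answer: C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for the CreateImage API call. Configure the target as an Amazon Simple Notification Service (Amazon SNS) topic to send an alert when a CreateImage API call is detected.
Explanation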
Option A suggests creating an AWS Lambda function to query AWS CloudTrail logs and send an alert when a CreateImage API call is detected. While this approach can work, it may require more configuration management compared to using Amazon EventBridge.

Option B suggests configuring AWS CloudTrail with an Amazon SNS notification that occurs when updated logs are sent to Amazon S3 and using Amazon Athena to create a new table and query on CreateImage when an API call is detected. While this approach can work and provides flexibility in querying logs, it may require more operational overhead and complexity compared to using Amazon EventBridge.

Option D suggests configuring an Amazon Simple Queue Service (Amazon SQS) FIFO queue as a target for AWS CloudTrail logs and creating an AWS Lambda function to send an alert to an Amazon SNS topic when a CreateImage API call is detected. While this approach can work, it requires setting up additional infrastructure and may not be necessary if Amazon EventBridge can handle the requirements.

By creating an Amazon EventBridge rule for the CreateImage API call and configuring the target as an Amazon SNS topic, the company can detect any CreateImage API calls made within their account and send an alert through Amazon SNS. This solution minimizes operational overhead since Amazon EventBridge can easily handle the event detection, routing, and dispatching tasks, without requiring significant infrastructure or configuration management.
This solution meets the requirements stated in the question while minimizing operational overhead.