Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 109 discussion

A. old but gold link: https://aws.amazon.com/blogs/mt/monitor-changes-and-auto-enable-logging-in-aws-cloudtrail/

This solution ensures the least amount of downtime for CloudTrail log deliveries when auto-remediating CloudTrail being turned off. Here's why: Event-Driven Automation: By creating an Amazon EventBridge rule for the CloudTrail StopLogging event, the remediation process is triggered immediately when CloudTrail logging is stopped, minimizing the downtime. Targeted Remediation: The Lambda function uses the AWS SDK to call StartLogging on the specific CloudTrail trail ARN where the StopLogging event occurred. This targeted approach ensures that logging is re-enabled for the affected trail without impacting other trails or introducing unnecessary overhead. Low Latency: EventBridge rules and Lambda functions are designed to be highly responsive, ensuring that the remediation action is initiated with minimal delay after the StopLogging event occurs.

A. is correct Details are everything during an investigation

A is correct: <The DevOps engineer needs a solution to auto-remediate CloudTrail being turned off> means we should turn on it again if we detect that it is turn-off. AWS config rule or Eventbridge would be considered. < the LEAST amount of downtime> means we should choose A because this minimizes downtime B: this option utilizes an AWS config rule, which is good. But it sets the rule with a periodic interval of 1 hours, which would introduce a lot of downtime C: this option utilizes evenbridge, but the event to trigger eventbridge is undetermined D: Should not use a custom script to do the task

A its quicker and the solution is asking for the leeast amount of downtime

"LEAST amount of downtime" = A cloudwatch event is near real time. Al the other options are not.

Both A and B will work. However the question mentions leatst Cloutrial down time. Option A is correct beacuse the remiation is triggred immeiately . Option B can be delayed a it uns once in ever hour

I don't think stoplogging is CloudTrail being turned off. You can stop logging anytime - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-turning-off-logging.html But it doesn't means CloudTrail being turned off

cloudtrail-enabled rule will check CloudTrail being turned off.

I got A as my answer

The requirement is - What solution ensures the LEAST amount of downtime for the CloudTrail log deliveries? For me that means reacting to AWS events. AWS config rule with 1 hr schedule does not meet the criteria in my opinion.

Answer A, This solution is the most appropriate as it listens to the StopLogging event and automatically starts logging immediately. This approach eliminates the need to wait for a scheduled interval, thereby reducing the amount of downtime and ensuring the security team can detect security issues in real-time. Option B is incorrect as it uses AWS Config rules to detect CloudTrail stoppage, which might not be an immediate solution to this issue

A is the right answer

A is correct.

B for me