
Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 126 discussion

A highly regulated company has a policy that DevOps engineers should not log in to their Amazon EC2 instances except in emergencies. If a DevOps engineer does log in, the security team must be notified within 15 minutes of the occurrence.

Which solution will meet these requirements?

  • A. Install the Amazon Inspector agent on each EC2 instance. Subscribe to Amazon EventBridge notifications. Invoke an AWS Lambda function to check if a message is about user logins. If it is, send a notification to the security team using Amazon SNS.
  • B. Install the Amazon CloudWatch agent on each EC2 instance. Configure the agent to push all logs to Amazon CloudWatch Logs and set up a CloudWatch metric filter that searches for user logins. If a login is found, send a notification to the security team using Amazon SNS.
  • C. Set up AWS CloudTrail with Amazon CloudWatch Logs. Subscribe CloudWatch Logs to Amazon Kinesis. Attach AWS Lambda to Kinesis to parse and determine if a log contains a user login. If it does, send a notification to the security team using Amazon SNS.
  • D. Set up a script on each Amazon EC2 instance to push all logs to Amazon S3. Set up an S3 event to invoke an AWS Lambda function, which invokes an Amazon Athena query to run. The Athena query checks for logins and sends the output to the security team using Amazon SNS.
Suggested Answer: B
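Option B relies on the CloudWatch agent shipping the OS authentication log (/var/log/secure on Amazon Linux and RHEL, /var/log/auth.log on Debian and Ubuntu; the Security event log, Event ID 4624, on Windows) to a CloudWatch Logs log group, a metric filter that counts lines recording a successful login, and a CloudWatch alarm on that metric (Statistic=Sum, threshold >= 1, 1-minute period) whose action publishes to the security team's SNS topic. The metric filter by itself sends nothing; the alarm is what notifies, and with a 1-minute period it fires well inside the 15-minute window. The following Python is an added example, not part of the exam question or of any AWS documentation: it runs the same detection logic locally over a constructed sshd log sample, emulates the space-delimited filter pattern `[Mon, day, timestamp, host, process, status = Accepted, ...]`, and aggregates the hits into the per-minute Sum datapoints the alarm would evaluate. The log lines, host names and IP addresses are constructed for illustration.

```python
"""Detect successful SSH logins in sshd syslog lines, the way a CloudWatch Logs
metric filter over /var/log/secure (or /var/log/auth.log) would.

Added example for the exam question above; not AWS code. The log sample below
is constructed and the IPs are documentation ranges (203.0.113.0/24, 198.51.100.0/24).
"""
import re
from dataclasses import dataclass
from typing import Iterable

# Constructed sample of what the CloudWatch agent would ship from /var/log/secure.
SAMPLE_LOG = """\
Jan 12 10:15:32 ip-10-0-0-12 sshd[1234]: Accepted publickey for ec2-user from 203.0.113.5 port 51234 ssh2: RSA SHA256:abc123
Jan 12 10:15:32 ip-10-0-0-12 sshd[1234]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
Jan 12 10:16:01 ip-10-0-0-12 sshd[1301]: Invalid user admin from 198.51.100.7 port 40022
Jan 12 10:16:03 ip-10-0-0-12 sshd[1301]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Jan 12 10:20:45 ip-10-0-0-12 sshd[1402]: Accepted password for deploy from 203.0.113.9 port 51300 ssh2
Jan 12 10:21:00 ip-10-0-0-12 CRON[1450]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Space-delimited CloudWatch Logs metric filter pattern that selects the same lines.
# Fields are split on whitespace; the 6th field must equal "Accepted"; "..." absorbs the rest.
METRIC_FILTER_PATTERN = "[Mon, day, timestamp, host, process, status = Accepted, ...]"

# Stricter parser used to build the alert text: syslog prefix, then sshd's "Accepted" message.
# Syslog pads single-digit days with a second space, hence " +" after the month.
ACCEPTED_RE = re.compile(
    r"^(?P<month>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)


@dataclass(frozen=True)
class Login:
    host: str
    user: str
    source_ip: str
    method: str      # publickey, password, keyboard-interactive/pam, ...
    date: str        # "Jan 12"
    time: str        # "10:15:32"


def matches_metric_filter(line: str) -> bool:
    """Emulate METRIC_FILTER_PATTERN: whitespace-split, field index 5 == 'Accepted'."""
    fields = line.split()
    return len(fields) >= 6 and fields[5] == "Accepted"


def detect_logins(lines: Iterable[str]) -> list[Login]:
    """Return one Login per successful sshd authentication in the given lines."""
    logins: list[Login] = []
    for line in lines:
        m = ACCEPTED_RE.match(line)
        if m:
            logins.append(Login(
                host=m["host"], user=m["user"], source_ip=m["ip"], method=m["method"],
                date=f"{m['month']} {m['day']}", time=m["time"],
            ))
    return logins


def metric_datapoints(logins: Iterable[Login], period_seconds: int = 60) -> dict[int, int]:
    """Aggregate matches into per-period Sum datapoints, as a metric filter emitting
    value 1 per match and an alarm with Statistic=Sum would see them.
    Key is the period index (seconds since midnight // period_seconds)."""
    buckets: dict[int, int] = {}
    for login in logins:
        h, m, s = (int(x) for x in login.time.split(":"))
        bucket = (h * 3600 + m * 60 + s) // period_seconds
        buckets[bucket] = buckets.get(bucket, 0) + 1
    return buckets


def alarm_fires(datapoints: dict[int, int], threshold: int = 1) -> bool:
    """An alarm with threshold >= 1 goes to ALARM as soon as any period's Sum reaches it."""
    return any(v >= threshold for v in datapoints.values())


def format_alert(login: Login) -> str:
    """Message body a Lambda or alarm description would hand to SNS."""
    return (f"SSH login on {login.host}: user={login.user} from={login.source_ip} "
            f"method={login.method} at {login.date} {login.time}")


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    found = detect_logins(lines)
    # The coarse filter pattern and the strict parser must agree on this sample.
    assert sum(matches_metric_filter(l) for l in lines) == len(found)
    for login in found:
        print(format_alert(login))
    print("alarm fires:", alarm_fires(metric_datapoints(found)))
```

The "session opened" PAM lines are deliberately not matched: they also fire for cron and sudo, which is why a filter keyed on sshd's own "Accepted" message (or Windows 4624 with logon type 10 for RDP) gives far fewer false alerts than a generic "session opened" search.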

Comments

thanhnv142
Highly Voted 1 year, 2 months ago
Selected Answer: B
B is correct: "the security team must be notified" means SNS.
A: irrelevant, Inspector is for vulnerability scanning.
C: CloudTrail is for monitoring account activities.
D: this option uses a manual script, which is irrelevant.
upvoted 6 times
zijo
Most Recent 10 months ago
Selected Answer: B
B is the cheapest and correct solution. CloudTrail does not capture:
- SSH logins to Linux instances
- RDP logins to Windows instances
- commands executed on the instances
- local file access or modifications within the instances
upvoted 1 times
haazybanj
1 year, 9 months ago
Selected Answer: C
While Option B can provide valuable insights into user logins and send notifications to the security team, it might not guarantee that the security team is notified within 15 minutes of a login occurrence. The time it takes for the CloudWatch metric filter to process and detect the login event, along with the potential delays in the SNS notification, could result in notifications being sent beyond the required 15-minute timeframe. On the other hand, Option C, which uses AWS CloudTrail with Amazon CloudWatch Logs and Amazon Kinesis, allows real-time processing and immediate notifications when a user login event is detected. This makes Option C more suitable for meeting the specific requirement of notifying the security team within 15 minutes of a login occurrence.
upvoted 1 times
RVivek
1 year, 7 months ago
CloudTrail will track calls to AWS APIs, but not the OS login on an EC2 instance. That can be checked only using CloudWatch Logs.
upvoted 10 times
n_d1
1 year, 9 months ago
Selected Answer: B
https://aws.amazon.com/blogs/security/how-to-monitor-and-visualize-failed-ssh-access-attempts-to-amazon-ec2-linux-instances/
upvoted 3 times
ProfXsamson
1 year, 9 months ago
Selected Answer: B
B. Even though it's not stated in some questions, the cheapest solution to a problem is always AWS's favorite.
upvoted 4 times
gdtypk
1 year, 11 months ago
Selected Answer: B
Isn't it possible to get login events with CloudTrail?
upvoted 2 times
Mail1964
1 year, 11 months ago
Selected Answer: B
Subtle difference: CloudTrail is "near" real-time. You can use subscriptions to get access to a real-time feed of log events from CloudWatch Logs and have it delivered to other services such as an Amazon Kinesis stream, an Amazon Kinesis Data Firehose stream, or AWS Lambda for custom processing, analysis, or loading to other systems.
upvoted 3 times
devnv
1 year, 11 months ago
B is the right answer
upvoted 1 times
2pk
1 year, 11 months ago
I think it's C. Both B and C solutions are valid and can meet the requirement of notifying the security team within 15 minutes of a DevOps engineer logging into an EC2 instance. However, there are some differences in how quickly each solution can detect and notify the security team of a login event. The CloudTrail-based solution can detect a login event more quickly than the CloudWatch-based solution because CloudTrail captures API events in near-real-time, while CloudWatch logs may have a delay of a few minutes before they appear in the log group. Therefore, the CloudTrail-based solution is more likely to meet the 15-minute notification requirement.
upvoted 1 times
buiquangbk90
1 year, 8 months ago
AWS CloudTrail captures API calls made on your account and sends log files to CloudWatch Logs. The provided solution monitors for login-related API calls. While this may detect some login activity (like a RunInstances API call), it will not catch SSH logins to an EC2 instance. Therefore, this solution isn't comprehensive enough. => Correct answer is B.
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other