Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 92 discussion

A company uses a single AWS account to test applications on Amazon EC2 instances. The company has turned on AWS Config in the AWS account and has activated the restricted-ssh AWS Config managed rule.

The company needs an automated monitoring solution that will provide a customized notification in real time if any security group in the account is not compliant with the restricted-ssh rule. The customized notification must contain the name and ID of the noncompliant security group.

A DevOps engineer creates an Amazon Simple Notification Service (Amazon SNS) topic in the account and subscribes the appropriate personnel to the topic.

What should the DevOps engineer do next to meet these requirements?

  • A. Create an Amazon EventBridge rule that matches an AWS Config evaluation result of NON_COMPLIANT for the restricted-ssh rule. Configure an input transformer for the EventBridge rule. Configure the EventBridge rule to publish a notification to the SNS topic.
  • B. Configure AWS Config to send all evaluation results for the restricted-ssh rule to the SNS topic. Configure a filter policy on the SNS topic to send only notifications that contain the text of NON_COMPLIANT in the notification to subscribers.
  • C. Create an Amazon EventBridge rule that matches an AWS Config evaluation result of NON_COMPLIANT for the restricted-ssh rule. Configure the EventBridge rule to invoke AWS Systems Manager Run Command on the SNS topic to customize a notification and to publish the notification to the SNS topic.
  • D. Create an Amazon EventBridge rule that matches all AWS Config evaluation results of NON_COMPLIANT. Configure an input transformer for the restricted-ssh rule. Configure the EventBridge rule to publish a notification to the SNS topic.
Suggested Answer: A
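An added illustration of option A, not part of the original question or of any comment: the event pattern and input transformer for the rule, exercised locally against constructed AWS Config compliance-change events. The `matches` and `render` helpers are a simplified stand-in for EventBridge's matching and template substitution, and the account ID, security group ID and `example-other-rule` name are made up.

```python
import re

# Event pattern for option A: only NON_COMPLIANT results of restricted-ssh.
PATTERN = {
    "source": ["aws.config"],
    "detail-type": ["Config Rules Compliance Change"],
    "detail": {"configRuleName": ["restricted-ssh"],
               "newEvaluationResult": {"complianceType": ["NON_COMPLIANT"]}},
}
# InputTransformer as it would be attached to the rule's SNS target.
INPUT_TRANSFORMER = {
    "InputPathsMap": {"rule": "$.detail.configRuleName", "id": "$.detail.resourceId",
                      "type": "$.detail.resourceType", "region": "$.region"},
    "InputTemplate": '"<type> <id> in <region> is NON_COMPLIANT with rule <rule>."',
}

def matches(pattern, event):
    """Simplified matcher: dicts recurse, lists mean 'any of these exact values'."""
    for key, want in pattern.items():
        got = event.get(key)
        if isinstance(want, dict):
            if not (isinstance(got, dict) and matches(want, got)):
                return False
        elif got not in want:
            return False
    return True

def render(transformer, event):
    """Resolve each $.a.b path, then fill the <name> placeholders in the template."""
    values = {}
    for name, path in transformer["InputPathsMap"].items():
        node = event
        for part in path.split(".")[1:]:
            node = node[part]
        values[name] = str(node)
    template = transformer["InputTemplate"].strip('"')
    return re.sub(r"<(\w+)>", lambda m: values[m.group(1)], template)

def sample_event(rule, compliance, resource_id):
    """Constructed event in the shape AWS Config sends to EventBridge."""
    return {"source": "aws.config", "detail-type": "Config Rules Compliance Change",
            "region": "us-east-1",
            "detail": {"configRuleName": rule, "resourceId": resource_id,
                       "resourceType": "AWS::EC2::SecurityGroup",
                       "awsAccountId": "111122223333",
                       "newEvaluationResult": {"complianceType": compliance}}}

def notify(event):
    """Return the customized SNS message, or None when the rule does not fire."""
    return render(INPUT_TRANSFORMER, event) if matches(PATTERN, event) else None
```

Dropping `configRuleName` from the pattern, as in option D, would make `notify` fire for every rule's NON_COMPLIANT results instead of only restricted-ssh.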

Comments

steli0
5 months ago
Selected Answer: A
D is tricky since it's not clear if the input transformer mentioned in the answer is supposed to be applied to the config rule or the EventBridge rule.
upvoted 1 times
...
zijo
10 months, 3 weeks ago
AWS Config can send notifications to an SNS topic directly but here you need a customized notification which is only possible with the input transformer in Amazon EventBridge. So I think A is the better choice.
upvoted 3 times
...
MalonJay
11 months, 3 weeks ago
B. AWS Config can send notifications directly to SNS.
upvoted 2 times
...
Heyang
1 year, 1 month ago
A. About strict-ssh: https://docs.aws.amazon.com/zh_cn/config/latest/developerguide/restricted-ssh.html
upvoted 1 times
...
thanhnv142
1 year, 2 months ago
Selected Answer: A
A is correct: <needs an automated monitoring solution that will provide a customized notification> and <creates an Amazon Simple Notification Service (Amazon SNS) topic> means they already have SNS. We need to trigger alarm with EventBridge and send noti to SNS.
B: no mention of EventBridge
C: AWS Systems Manager Run Command on the SNS topic to customize a notification: this step is unnecessary
D: <matches all AWS Config evaluation results of NON_COMPLIANT>: we need to match NON_COMPLIANT for the restricted-ssh rule only
upvoted 4 times
...
beanxyz
1 year, 8 months ago
Selected Answer: A
Here is an example https://repost.aws/knowledge-center/config-resource-non-compliant
upvoted 2 times
...
Aja1
1 year, 9 months ago
Option C is the most appropriate solution for creating a customized SNS notification when the restricted-ssh AWS Config rule is evaluated as NON_COMPLIANT.
upvoted 1 times
Aja1
1 year, 8 months ago
Sorry, A. EventBridge input transformers are used to customize the data that is sent to a target of an EventBridge rule. They can be used to extract specific data from the event, to convert the data to a different format, or to filter the data.
upvoted 3 times
...
Jaguaroooo
1 year, 3 months ago
Why would you want to customize anything to SNS? I chose C, but A makes more sense. No need for SNS customization.
upvoted 1 times
...
...
haazybanj
1 year, 9 months ago
Selected Answer: A
A. The Amazon EventBridge rule should be set up to match AWS Config evaluation results specifically for the restricted-ssh rule. An input transformer should be configured for the EventBridge rule to extract and format the required information (e.g., name and ID of the noncompliant security group) from the AWS Config evaluation result. The EventBridge rule should be configured to publish a notification to the SNS topic once it detects a noncompliant result.
upvoted 3 times
...
[Removed]
1 year, 10 months ago
Selected Answer: A
A is good:
- restrict trigger to only ssh sg non compliance
- you need input trans*** for sending message to SNS
upvoted 4 times
...
devnv
1 year, 11 months ago
A is the right answer
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted