exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 167 discussion

A security engineer must Implement monitoring of a company's Amazon Aurora MySQL DB instances. The company wants to receive email notifications when unknown users try to log in to the database endpoint.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Enable Amazon GuardDuty. Enable the Amazon RDS Protection feature in GuardDuty to detect login attempts by unknown users. Create an Amazon EventBridge rule to filter GuardDuty findings. Send email notifications by using Amazon Simple Notification Service (Amazon SNS).
  • B. Enable the server_audit_logglng parameter on the Aurora MySQL DB instances. Use AWS Lambda to periodically scan the delivered log files for login attempts by unknown users. Send email notifications by using Amazon Simple Notification Service (Amazon SNS).
  • C. Create an Amazon RDS Custom AMI. Include a third-party security agent in the AMI to detect login attempts by unknown users. Deploy RDS Custom DB instances. Migrate data from the existing installation to the RDS Custom DB instances. Configure email notifications from the third-party agent.
  • D. Write a stored procedure to detect login attempts by unknown users. Schedule a recurring job inside the database engine. Configure Aurora MySQL to use Amazon Simple Notification Service (Amazon SNS) to send email notifications.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
grekh001
Highly Voted 6 months, 1 week ago
A. https://docs.aws.amazon.com/guardduty/latest/ug/rds-protection.html
upvoted 6 times
...
Davidng88
Most Recent 2 months, 3 weeks ago
Selected Answer: A
A has least operational overheads compared to B (write and maintain Lambda), C (customized AMI, 3rd party software agents) and D (write and maintain stored procedure).
upvoted 1 times
...
heatblur
3 months, 3 weeks ago
Selected Answer: A
A is correct....a Lambda function to periodically scan the logs is not ideal.
upvoted 1 times
...
HunkyBunky
4 months, 1 week ago
Selected Answer: A
I guess that A - fits better in that scenario
upvoted 1 times
...
adit
5 months ago
Selected Answer: B
B right answer
upvoted 1 times
adit
5 months ago
A right answer
upvoted 2 times
...
...
sema2232
5 months, 3 weeks ago
B right answer
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...