Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 182 discussion

A company has secured the AWS account root user for its AWS account by following AWS best practices. The company also has enabled AWS CloudTrail, which is sending its logs to Amazon S3. A security engineer wants to receive notification in near-real time if a user uses the AWS account root user credentials to sign in to the AWS Management Console

Which solutions will provide this notification? (Choose two.)

  • A. Use AWS Trusted Advisor and its security evaluations for the root account. Configure an Amazon EventBridge event rule that is invoked by the Trusted Advisor API. Configure the rule to target an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe any required endpoints to the SNS topic so that these endpoints can receive notification.
  • B. Use AWS IAM Access Analyzer. Create an Amazon Cloud Watch Logs metric filter to evaluate log entries from Access Analyzer that detect a successful root account login. Create an Amazon CloudWatch alarm that monitors whether a root login has occurred. Configure the CloudWatch alarm to notify an Amazon Simple Notification Service (Amazon SNS) topic when the alarm enters the ALARM state. Subscribe any required endpoints to this SNS topic so that these endpoints can receive notification.
  • C. Configure AWS CloudTrail to send its logs to Amazon CloudWatch Logs. Configure a metric filter on the CloudWatch Logs log group used by CloudTrail to evaluate log entries for successful root account logins. Create an Amazon CloudWatch alarm that monitors whether a root login has occurred. Configure the CloudWatch alarm to notify an Amazon Simple Notification Service (Amazon SNS) topic when the alarm enters the ALARM state. Subscribe any required endpoints to this SNS topic so that these endpoints can receive notification.
  • D. Configure AWS CloudTrail to send log notifications to an Amazon Simple Notification Service (Amazon SNS) topic. Create an AWS Lambda function that parses the CloudTrail notification for root login activity and notifies a separate SNS topic that contains the endpoints that should receive notification. Subscribe the Lambda function to the SNS topic that is receiving log notifications from CloudTrail.
  • E. Configure an Amazon EventBridge event rule that runs when Amazon CloudWatch API calls are recorded for a successful root login. Configure the rule to target an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe any required endpoints to the SNS topic so that these endpoints can receive notification.
Show Suggested Answer Hide Answer
Suggested Answer: CE 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Pmktechno
6 days, 20 hours ago
Selected Answer: CE
C and E correct
upvoted 1 times
...
mzeynalli
1 week, 4 days ago
Selected Answer: CE
NOT D!!! C & E are correct option CloudTrail to SNS with Lambda function: While this option can work, it involves more complexity than necessary (Lambda to parse and notify SNS). Options C and E are more direct and cost-effective for near-real-time notifications.
upvoted 1 times
...
gjurro
1 month ago
Selected Answer: CE
The correct answers are C and E - Option C is correct because using CloudTrail with CloudWatch Logs and setting up a metric filter and alarm will detect and alert for root login events effectively. - E is also correct as EventBridge can capture specific root login events through CloudTrail and trigger an SNS notification, providing near-real-time alerts. Why Other Options Are Incorrect: - A is incorrect because AWS Trusted Advisor does not provide real-time alerts specifically for root login events; it is more of a best practice and configuration monitoring tool. - B is incorrect because IAM Access Analyzer does not monitor root login events. It's primarily for access policy analysis. - D is incorrect because CloudTrail alone does not provide log notifications to SNS without additional steps like CloudWatch Logs and Lambda integration.
upvoted 2 times
...
mikelord
1 month, 3 weeks ago
I think CE should be the answer
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...