Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 257 discussion

A company stores sensitive data in AWS Secrets Manager. A security engineer needs to design a solution to generate a notification email when anomalous GetSecretValue API calls occur. The security engineer has configured an Amazon EventBridge rule for all Secrets Manager events that AWS CloudTrail delivers.

Which solution will meet these requirements?

  • A. Configure CloudTrail as the target of the EventBridge rule. Set up an attribute filter on the IncomingBytes attribute and enable anomaly detection. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure a CloudTrail alarm that uses the SNS topic to send the notification.
  • B. Configure CloudTrail as the target of the EventBridge rule. Set up an attribute filter on the IncomingBytes attribute and enable anomaly detection. Create an Amazon Simple Queue Service (Amazon SQS) queue. Configure a CloudTrail alarm that uses the SQS queue to send the notification.
  • C. Configure Amazon CloudWatch Logs as the target of the EventBridge rule. Set up a metric filter on the IncomingBytes metric and enable anomaly detection. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure a CloudWatch alarm that uses the SNS topic to send the notification.
  • D. Configure Amazon CloudWatch Logs as the target of the EventBridge rule. Use CloudWatch Logs Insights query syntax to search for anomalous GetSecretValue API calls. Create an Amazon Simple Queue Service (Amazon SQS) queue. Configure a CloudWatch alarm that uses the SQS queue to send the notification.

Suggested Answer: C

Comments

TareDHakim
3 months, 3 weeks ago
Selected Answer: C
Amazing feature, which I had no idea existed.
upvoted 1 times
IPLogic
4 months, 3 weeks ago
Selected Answer: C
C. Configure Amazon CloudWatch Logs as the target of the EventBridge rule. Set up a metric filter on the IncomingBytes metric and enable anomaly detection. Create an Amazon Simple Notification Service (Amazon SNS) topic. Configure a CloudWatch alarm that uses the SNS topic to send the notification.
EventBridge Rule and CloudWatch Logs: By configuring CloudWatch Logs as the target of the EventBridge rule, you can capture and store all relevant logs for further analysis.
Metric Filter and Anomaly Detection: Setting up a metric filter on the IncomingBytes metric enables detailed monitoring and anomaly detection for specific API call patterns, such as the GetSecretValue API.
SNS Topic for Notifications: Creating an SNS topic ensures that alerts are sent out immediately when an anomaly is detected. CloudWatch alarms can be configured to trigger notifications via SNS, providing timely alerts to the security team.
upvoted 1 times
IPLogic
4 months, 3 weeks ago
Option A and B: Configuring CloudTrail as the target and using attribute filters is less direct and involves an additional step of setting up CloudTrail alarms, which might not offer the same level of granularity and immediate anomaly detection as CloudWatch Logs.
Option D: Using CloudWatch Logs Insights is another valid approach, but it involves more complex querying and might not be as straightforward for continuous anomaly detection compared to using metric filters.
By following Option C, you can ensure a robust, automated solution for detecting and alerting on anomalous API calls in AWS Secrets Manager.
upvoted 1 times
723993f
5 months ago
Selected Answer: C
C - using built-in anomaly detection in CloudWatch based on the volume of "what is being logged itself"
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Monitoring-CloudWatch-Metrics.html#cwl-metrics
https://medium.com/cyberark-engineering/unlocking-the-power-of-amazon-cloudwatch-anomaly-detection-for-secrets-manager-27a7ffd66498
upvoted 1 times
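
The alarm and notification half of answer C, sketched with boto3 as an added example (it is not from the question, the comments or the linked articles). The log group name, topic name, alarm name, account ID and e-mail address are assumed placeholders, and the log group is assumed to be the existing target of the EventBridge rule.

```python
import json

def alarm_request(log_group, topic_arn, band=2, period=300):
    """Arguments for cloudwatch.put_metric_alarm: alarm when the log group's
    IncomingBytes rises above its anomaly detection band."""
    # IncomingBytes is published per log group in the AWS/Logs namespace. It
    # counts everything written to the group, so the group should receive
    # only the EventBridge rule's events.
    metric = {"Namespace": "AWS/Logs", "MetricName": "IncomingBytes",
              "Dimensions": [{"Name": "LogGroupName", "Value": log_group}]}
    return {
        "AlarmName": "anomalous-volume-" + log_group.strip("/").replace("/", "-"),
        "ComparisonOperator": "GreaterThanUpperThreshold",
        "EvaluationPeriods": 1,
        "ThresholdMetricId": "band",  # compared with the band, so no fixed Threshold
        "TreatMissingData": "notBreaching",
        "AlarmActions": [topic_arn],
        "Metrics": [
            {"Id": "m1", "ReturnData": True,
             "MetricStat": {"Metric": metric, "Period": period, "Stat": "Sum"}},
            {"Id": "band", "ReturnData": True,
             "Expression": f"ANOMALY_DETECTION_BAND(m1, {band})"},
        ],
    }

def deploy(cloudwatch, sns, log_group, email, topic_name="secrets-anomaly"):
    """Create the SNS topic, e-mail subscription, anomaly detector and alarm.
    cloudwatch and sns are boto3 clients, e.g. boto3.client("cloudwatch")."""
    topic_arn = sns.create_topic(Name=topic_name)["TopicArn"]
    # The recipient has to confirm the subscription before mail is delivered.
    sns.subscribe(TopicArn=topic_arn, Protocol="email", Endpoint=email)
    request = alarm_request(log_group, topic_arn)
    metric = request["Metrics"][0]["MetricStat"]["Metric"]
    cloudwatch.put_anomaly_detector(
        SingleMetricAnomalyDetector={**metric, "Stat": "Sum"})
    cloudwatch.put_metric_alarm(**request)
    return request

if __name__ == "__main__":
    # Offline preview of the alarm definition; ARN and names are placeholders.
    print(json.dumps(alarm_request(
        "/aws/events/secretsmanager",
        "arn:aws:sns:us-east-1:111122223333:secrets-anomaly"), indent=2))
```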