ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 76 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 76
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A Security Analyst attempted to troubleshoot the monitoring of suspicious security group changes. The Analyst was told that there is an Amazon CloudWatch alarm in place for these AWS CloudTrail log events. The Analyst tested the monitoring setup by making a configuration change to the security group but did not receive any alerts.
Which of the following troubleshooting steps should the Analyst perform?

  • A. Ensure that CloudTrail and S3 bucket access logging is enabled for the Analyst's AWS account. B. Verify that a metric filter was created and then mapped to an alarm. Check the alarm notification action.
  • B. Check the CloudWatch dashboards to ensure that there is a metric configured with an appropriate dimension for security group changes.
  • C. Verify that the Analyst's account is mapped to an IAM policy that includes permissions for cloudwatch: GetMetricStatistics and Cloudwatch: ListMetrics.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by ugreenhost at Sept. 8, 2019, 6:29 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
josellama2000
Highly Voted 3 years, 7 months ago
Agreed, the First "B" is correct: "B. Verify that a metric filter was created and then mapped to an alarm. Check the alarm notification action." https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html
upvoted 31 times
...
aiwaai
Highly Voted 3 years, 7 months ago
A. Ensure that CloudTrail and S3 bucket access logging is enabled for the Analyst's AWS accoun B. Verify that a metric filter was created and then mapped to an alarm. Check the alarm notification action. C. Check the CloudWatch dashboards to ensure that there is a metric configured with an appropriate dimension for security group changes. D. Verify that the Analyst's account is mapped to an IAM policy that includes permissions for cloudwatch: GetMetricStatistics and Cloudwatch: ListMetrics.
upvoted 13 times
...
Raphaello
Most Recent 1 year, 2 months ago
Selected Answer: B
Real B! B. Verify that a metric filter was created and then mapped to an alarm. Check the alarm notification action.
upvoted 2 times
...
Sickcnt
1 year, 9 months ago
Correct Answer: "B. Verify that a metric filter was created and then mapped to an alarm. Check the alarm notification action." If you check this link: https://docs.fugue.co/FG_R00056.html You will see that in order to have Alarms configured you also need to set "Metric filters"
upvoted 1 times
...
ITGURU51
1 year, 11 months ago
It is recommended that users establish a metric filter and alarm for changes to Security Groups. Monitoring changes to security groups helps to ensure that resources and services are not unintentionally exposed. B
upvoted 1 times
...
arae
2 years, 6 months ago
the answer is in B clearly but i still went for C stupidly
upvoted 2 times
Knottinger
2 years, 4 months ago
did you just take the exam buddy?
upvoted 2 times
...
...
Radhaghosh
3 years, 3 months ago
Option B is Correct Check the CloudWatch dashboards to ensure that there is a metric configured with an appropriate dimension for security group changes.
upvoted 1 times
HieuTT
2 years, 6 months ago
Pls hand-on-lab
upvoted 1 times
...
...
Hariru
3 years, 5 months ago
Selected Answer: B
C is DASHBOARD! and we dont have anything to do with it. B is only one considering the alarms. so.
upvoted 1 times
...
skipbaylessfor3
3 years, 5 months ago
Lol why are two of the answers mixed together... But yeah I think its either the first B or the actual B showing in the answers...
upvoted 1 times
...
sanjaym
3 years, 6 months ago
Ans : B. Verify that a metric filter was created and then mapped to an alarm. Check the alarm notification action.
upvoted 1 times
...
NANDY666
3 years, 6 months ago
B is Correct
upvoted 2 times
...
devjava
3 years, 6 months ago
Ans > B https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html
upvoted 1 times
...
AfricanCloudGuru
3 years, 6 months ago
Ans(B) Verify that a metric filter was created and then mapped to an alarm. Check the alarm notification action. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html
upvoted 1 times
...
JJJSSS
3 years, 6 months ago
B is the right answer.
upvoted 1 times
...
RaySmith
3 years, 6 months ago
First B is correct
upvoted 1 times
...
henry76
3 years, 6 months ago
B, Since the problem is with notification one has to see again how it is configured
upvoted 1 times
...
AnNguyen
3 years, 6 months ago
Answer is B: Verify that a metric filter was created and then mapped to an alarm. Check the alarm notification action. We need to check two things: metric data, and alarm A: No need to check the access permission to S3 C: We need check metric is configure correctly in CloudWatch alarm, not in Dashboard D: Not relate to IAM
upvoted 8 times
Bach999
3 years, 6 months ago
What's the Option D? Only A, B, C are left. Option D is missing.
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago