Exam AWS Certified SysOps Administrator - Associate topic 1 question 188 discussion

A SysOps administrator is responsible for a company’s security groups. The company wants to maintain a documented trail of any changes that are made to the security groups. The SysOps administrator must receive notification whenever the security groups change.

Which solution will meet these requirements?

  • A. Set up Amazon Detective to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Queue Service (Amazon SQS) queue for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SQS queue.
  • B. Set up AWS Systems Manager Change Manager to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SNS topic.
  • C. Set up AWS Config to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SNS topic.
  • D. Set up Amazon Detective to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SNS topic.
Suggested Answer: C 🗳️

Comments

Raynor
Highly Voted 1 year, 11 months ago
Selected Answer: C
maintain a documented trail of any changes = config + S3; Notification = SNS
upvoted 6 times
Raynor
1 year, 11 months ago
maintain a documented trail of any changes = config + S3, Alert = SNS
upvoted 3 times
r2c3po
Most Recent 10 months ago
Selected Answer: C
Option C provides a solution using AWS Config to record security group changes and notify the SysOps administrator:

C. Set up AWS Config to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SNS topic.

AWS Config can be configured to capture configuration changes, including changes to security groups. The configuration snapshots and history files can be stored in an Amazon S3 bucket. An Amazon SNS topic can be created to send notifications about configuration changes. The SysOps administrator can subscribe their email address to the SNS topic to receive notifications whenever security group changes occur.
upvoted 1 times
Christina666
1 year, 3 months ago
Selected Answer: C
AWS Config, a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to help enable security and governance. You can create AWS Config rules that automatically check the configuration of AWS resources that are recorded by AWS Config. For this example, I use a Config rule that is invoked whenever a change is made to a security group. Attach the Config rule to an AWS Lambda function that examines the ingress rules of a security group to see if the group remains in compliance with the rules.
upvoted 4 times
Christina666
1 year, 3 months ago
The following Lambda function code defines a list named REQUIRED_PERMISSIONS with elements that represent a protocol, port range, and IP range that together define a security permission. This JSON notation is identical to what you would use when creating a security group with the AWS EC2 authorize-security-group-ingress command.

    REQUIRED_PERMISSIONS = [
        {
            "IpProtocol": "tcp",
            "FromPort": 80,
            "ToPort": 80,
            "UserIdGroupPairs": [],
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
            "PrefixListIds": []
        },
        {
            "IpProtocol": "tcp",
            "FromPort": 443,
            "ToPort": 443,
            "UserIdGroupPairs": [],
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
            "PrefixListIds": []
        }
    ]
upvoted 2 times
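
The comparison step described in the two comments above, as an added example that is not part of the original comments or of the AWS blog post they draw on. It assumes the group's current rules arrive in the `IpPermissions` shape that EC2 DescribeSecurityGroups returns; the names `flatten`, `evaluate` and `DRIFTED` are hypothetical.

```python
# Added example: check a security group's ingress rules against a required baseline.
REQUIRED_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "PrefixListIds": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "PrefixListIds": []},
]


def flatten(permissions):
    """Expand permissions into (protocol, from_port, to_port, source) tuples.

    One EC2 permission entry can carry several CIDRs, groups and prefix lists,
    so comparing whole dicts would hide a single extra source added to a rule.
    """
    rules = set()
    for perm in permissions:
        proto = perm["IpProtocol"]
        lo, hi = perm.get("FromPort"), perm.get("ToPort")  # absent for protocol "-1"
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [g.get("GroupId") for g in perm.get("UserIdGroupPairs", [])]
        sources += [p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
        rules.update((proto, lo, hi, src) for src in sources)
    return rules


def evaluate(current_permissions, required=REQUIRED_PERMISSIONS):
    """Return (compliance_type, unexpected_rules, missing_rules)."""
    current, wanted = flatten(current_permissions), flatten(required)
    unexpected = sorted(current - wanted, key=str)
    missing = sorted(wanted - current, key=str)
    status = "COMPLIANT" if not unexpected and not missing else "NON_COMPLIANT"
    return status, unexpected, missing


# Constructed sample: SSH opened to the internet and the port 443 rule removed.
DRIFTED = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    print(evaluate(DRIFTED))
```
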
Gomer
1 year, 6 months ago
Selected Answer: C
https://aws.amazon.com/blogs/security/how-to-monitor-aws-account-configuration-changes-and-api-calls-to-amazon-ec2-security-groups/
upvoted 2 times