Multiple Choice
According to Information Security Policy, changes to the contents of objects inside production Amazon S3 bucket that contain encrypted secrets should only be made by a trusted group of administrators. How should a DevOps Engineer create real-time, automated checks to meet this requirement?
A) Create an AWS Lambda function that is triggered by Amazon S3 data events for object changes and that also checks the IAM user's membership in an administrator's IAM role.
B) Create a periodic AWS Config rule to query Amazon S3 Logs for changes and to check the IAM user's membership in an administrator's IAM role.
C) Create a metrics filter for Amazon CloudWatch logs to check for Amazon S3 bucket-level permission changes and to check the IAM user's membership in an administrator's IAM role.
D) Create a periodic AWS Config rule to query AWS CloudTrail logs for changes to the Amazon S3 bucket-level permissions and to check the IAM user's membership in an administrator's IAM role.
Correct Answer:
Verified
Correct Answer:
Verified
Q569: When thinking of AWS OpsWorks, which of
Q570: A DevOps team manages an API running
Q571: When a user is detaching an EBS
Q572: You want to build an application that
Q573: Which statement is true about configuring proxy
Q575: What are the default memory limit policies
Q576: A company is deploying a new application
Q577: A retail company wants to use AWS
Q578: A DevOps Engineer manages a large commercial
Q579: You have an Auto Sealing group of