Multiple Choice
A highly regulated company has a policy that DevOps Engineers should not log in to their Amazon EC2 instances except in emergencies. If a DevOps Engineer does log in, the Security team must be notified within 15 minutes of the occurrence. Which solution will meet these requirements?
A) Install the Amazon Inspector agent on each EC2 instance. Subscribe to Amazon CloudWatch Events notifications. Trigger an AWS Lambda function to check if a message is about user logins. If it is, send a notification to the Security team using Amazon SNS.
B) Install the Amazon CloudWatch agent on each EC2 instance. Configure the agent to push all logs to Amazon CloudWatch Logs and set up a CloudWatch metric filter that searches for user logins. If a login is found, send a notification to the Security team using Amazon SNS.
C) Set up AWS CloudTrail with Amazon CloudWatch Logs. Subscribe CloudWatch Logs to Amazon Kinesis. Attach AWS Lambda to Kinesis to parse and determine if a log contains a user login. If it does, send a notification to the Security team using Amazon SNS.
D) Set up a script on each Amazon EC2 instance to push all logs to Amazon S3. Set up an S3 event to trigger an AWS Lambda function, which triggers an Amazon Athena query to run. The Athena query checks for logins and sends the output to the Security team using Amazon SNS.
Correct Answer:
Verified
Correct Answer:
Verified
Q30: A company wants to use Amazon DynamoDB
Q31: You are responsible for a large-scale video
Q32: A DevOps Engineer is leading the implementation
Q33: A DevOps Engineer must track the health
Q34: A DevOps Engineer at a startup cloud-based
Q36: When running a playbook on a remote
Q37: A DevOps team needs to query information
Q38: A DevOps Engineer needs to deploy a
Q39: Your organization has decided to implement a
Q40: The project you are working on currently