Multiple Choice
A company's security team discovers that IAM access keys were exposed in a public code repository. Moving forward, the DevOps team wants to implement a solution that will automatically disable any keys that are suspected of being compromised, and notify the security team. Which solution will accomplish this?
A) Create an Amazon CloudWatch Events event for Amazon Macie. Create an Amazon SNS topic with two subscriptions: one to notify the security team and another to trigger an AWS Lambda function that disables the access keys.
B) Enable Amazon GuardDuty and set up an Amazon CloudWatch Events rule event for GuardDuty. Trigger an AWS Lambda function to check if the event relates to compromised keys. If so, send a notification to the security team and disable the access keys.
C) Run an AWS CloudWatch Events rule every 5 minutes to invoke an AWS Lambda function that checks to see if the compromised tag for any access key is set to true. If so, notify the security team and disable the access keys.
D) Set up AWS Config and create an AWS CloudTrail event for AWS Config. Create an Amazon SNS topic with two subscriptions: one to notify the security team and another to trigger an AWS Lambda function that disables the access keys.
Correct Answer:
Verified
Correct Answer:
Verified
Q237: What is the order of most-to-least rapidly-scaling
Q238: A company uses AWS Organizations to manage
Q239: What is true of the way that
Q240: A DevOps engineer wants to find a
Q241: A DevOps Engineer must create a Linux
Q243: A company is using AWS CodeDeploy to
Q244: A DevOps team needs to query information
Q245: A retail company has adopted AWS OpsWorks
Q246: An ecommerce company is running an application
Q247: A company has a mission-critical application on