Multiple Choice
According to Information Security policy, changes to the contents of objects inside production Amazon S3 buckets that contain encrypted secrets should only be made by a trusted group of administrators. How should a DevOps Engineer create real-time, automated checks to meet this requirement?
A) Create an AWS Lambda function that is triggered by Amazon S3 data events for object changes and that also checks the IAM user's membership in an administrator's IAM role.
B) Create a periodic AWS Config rule to query Amazon S3 Logs for changes and to check the IAM user's membership in an administrator's IAM role.
C) Create a metrics filter for Amazon CloudWatch logs to check for Amazon S3 bucket-level permission changes and to check the IAM user's membership in an administrator's IAM role.
D) Create a periodic AWS Config rule to query AWS CloudTrail logs for changes to the Amazon S3 bucket-level permissions and to check the IAM user's membership in an administrator's IAM role.
Correct Answer:
Verified
Correct Answer:
Verified
Q144: A web application for healthcare services runs
Q145: A DevOps Engineer is researching the least-expensive
Q146: You need to create an audit log
Q147: A DevOps engineer is tasked with creating
Q148: A DevOps engineer is tasked with migrating
Q150: Your CTO is very worried about the
Q151: You currently run your infrastructure on Amazon
Q152: What is the scope of an EBS
Q153: A healthcare provider has a hybrid architecture
Q154: You are doing a load testing exercise