Multiple Choice
A company's Security team wants to track data encryption events across all company AWS accounts. The team wants to capture all AWS KMS events related to deleting or rotating customer master keys (CMKs) from all production AWS accounts. The KMS events will be sent to the Security team's AWS account for monitoring. How can this be accomplished?
A) Create an AWS Lambda function that will run every few minutes in each production account, parse the KMS log for KMS events, and sent the information to an Amazon SQS queue managed by the Security team.
B) Create an event bus in the Security team's account, create a new Amazon CloudWatch Events rule that matches the KMS events in each production account, and then add the Security team's event bus as the target.
C) Set up AWS CloudTrail for KMS events in every production account, and have the logs sent to an Amazon S3 bucket that is managed by the Security team.
D) Create an AWS Config rule that checks for KMS keys that are in a pending deletion or rotated state in every production account, then send Amazon SNS notifications of any non-compliant KMS resources to the Security team.
Correct Answer:
Verified
Correct Answer:
Verified
Q182: After installing and configuring the Amazon CloudWatch
Q183: What is the main use of EMR?<br>A)
Q184: A user has configured ELB with two
Q185: A user has created an EBS volume
Q186: A user is trying to setup a
Q188: You are running a database on an
Q189: A user has launched an EBS backed
Q190: An organization has created 50 IAM users.
Q191: A user wants to upload a complete
Q192: When an EC2 EBS-backed (EBS root) instance