Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 9 discussion

A company uses AWS Key Management Service (AWS KMS) keys and manual key rotation to meet regulatory compliance requirements. The security team wants to be notified when any keys have not been rotated after 90 days.
Which solution will accomplish this?

  • A. Configure AWS KMS to publish to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old.
  • B. Configure an Amazon EventBridge event to launch an AWS Lambda function to call the AWS Trusted Advisor API and publish to an Amazon Simple Notification Service (Amazon SNS) topic.
  • C. Develop an AWS Config custom rule that publishes to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old.
  • D. Configure AWS Security Hub to publish to an Amazon Simple Notification Service (Amazon SNS) topic when keys are more than 90 days old.
Suggested Answer: C

Comments

thanhnv142
Highly Voted 9 months, 2 weeks ago
C is correct. A is not, because KMS does not provide this function.
upvoted 5 times
...
yuliaqwerty
Most Recent 10 months, 1 week ago
Answer C. AWS Config
upvoted 3 times
...
habros
1 year, 4 months ago
Selected Answer: C
C. Config rules notify.
upvoted 3 times
...
Toptip
1 year, 4 months ago
Selected Answer: C
Did these questions really come from DOP-C02?
upvoted 3 times
...
madperro
1 year, 5 months ago
Selected Answer: C
C makes sense. It should be a custom rule. Rule "access-keys-rotated" checks for access keys, not KMS keys.
upvoted 2 times
...
alce2020
1 year, 6 months ago
C it is
upvoted 1 times
...
ele
1 year, 7 months ago
Selected Answer: C
custom config: C
upvoted 1 times
...
asfsdfsdf
1 year, 7 months ago
Selected Answer: C
Looks like C. Actually, there is a managed rule for this: https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html. Anyway, Trusted Advisor cannot be used as there is no such check. Also, KMS does not have this action, and Security Hub is not conducting any active checks, it just reacts to events.
upvoted 4 times
zijo
8 months, 3 weeks ago
IAM access keys and KMS keys are different. The managed rule is for IAM access keys.
upvoted 1 times
...
s50600822
1 year, 3 months ago
access key?
upvoted 3 times
...
...
Dimidrol
1 year, 7 months ago
Selected Answer: C
C for me. A: there is no such functionality. B: I checked Trusted Advisor, there is no such KMS days. D is an aggregator for Config, GuardDuty. So you need Config for D.
upvoted 2 times
...
lqpO_Oqpl
1 year, 7 months ago
Tell me why not D..
upvoted 1 times
beanxyz
1 year, 2 months ago
When you enable a control in Security Hub it will automatically create a Config. There are 4 KMS related controls in Security Hub but none of them is about the rotation age. In this case you need to create a custom Config.
upvoted 1 times
...
Manny20
1 year, 5 months ago
Option D is not the correct answer because AWS Security Hub is primarily focused on aggregating and managing security findings, and it does not have a specific feature to monitor the age of AWS KMS keys.
upvoted 3 times
...
...
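A sketch of the evaluation logic behind option C, added here as an example and not taken from the question or from any commenter: a periodic AWS Config custom rule backed by Lambda that flags customer managed KMS keys older than 90 days. It assumes that manual rotation means creating a new key, so a key's age is measured from its `CreationDate`, and that only enabled customer managed keys are in scope; the function names and sample key IDs are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # threshold from the question

def evaluate_key(meta, now):
    """Map one KMS KeyMetadata dict (describe_key shape) to a Config evaluation."""
    # Assumption: AWS managed, disabled or pending-deletion keys are out of scope
    if meta["KeyManager"] != "CUSTOMER" or meta["KeyState"] != "Enabled":
        compliance, note = "NOT_APPLICABLE", "not an enabled customer managed key"
    else:
        # Assumption: manual rotation creates a new key, so age = time since rotation
        age = now - meta["CreationDate"]
        compliance = "NON_COMPLIANT" if age > MAX_AGE else "COMPLIANT"
        note = f"key is {age.days} days old (limit {MAX_AGE.days})"
    return {
        "ComplianceResourceType": "AWS::KMS::Key",
        "ComplianceResourceId": meta["KeyId"],
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": now,
    }

def lambda_handler(event, context):
    """Entry point for the periodic rule; needs boto3 and AWS credentials."""
    import boto3  # imported here so evaluate_key can be exercised offline
    kms, config = boto3.client("kms"), boto3.client("config")
    now = datetime.now(timezone.utc)
    evaluations = []
    for page in kms.get_paginator("list_keys").paginate():
        for key in page["Keys"]:
            meta = kms.describe_key(KeyId=key["KeyId"])["KeyMetadata"]
            evaluations.append(evaluate_key(meta, now))
    # PutEvaluations accepts at most 100 evaluations per call
    for i in range(0, len(evaluations), 100):
        config.put_evaluations(Evaluations=evaluations[i:i + 100],
                               ResultToken=event["resultToken"])
    return evaluations

# Constructed sample metadata (not real keys), evaluated at a fixed point in time
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

def sample_key(key_id, manager, days_old, state="Enabled"):
    return {"KeyId": key_id, "KeyManager": manager, "KeyState": state,
            "CreationDate": NOW - timedelta(days=days_old)}

SAMPLE = [sample_key("example-old", "CUSTOMER", 120),
          sample_key("example-new", "CUSTOMER", 30),
          sample_key("example-aws", "AWS", 400)]
RESULTS = {e["ComplianceResourceId"]: e["ComplianceType"]
           for e in (evaluate_key(k, NOW) for k in SAMPLE)}
```

The rule only records compliance; the SNS message comes from the notification configured for AWS Config compliance changes.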