Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 17 discussion

A company's developers use Amazon EC2 instances as remote workstations. The company is concerned that users can create or modify EC2 security groups to allow unrestricted inbound access.
A DevOps engineer needs to develop a solution to detect when users create unrestricted security group rules. The solution must detect changes to security group rules in near real time, remove unrestricted rules, and send email notifications to the security team. The DevOps engineer has created an AWS Lambda function that checks for security group ID from input, removes rules that grant unrestricted access, and sends notifications through Amazon Simple Notification Service (Amazon SNS).
What should the DevOps engineer do next to meet the requirements?

  • A. Configure the Lambda function to be invoked by the SNS topic. Create an AWS CloudTrail subscription for the SNS topic. Configure a subscription filter for security group modification events.
  • B. Create an Amazon EventBridge scheduled rule to invoke the Lambda function. Define a schedule pattern that runs the Lambda function every hour.
  • C. Create an Amazon EventBridge event rule that has the default event bus as the source. Define the rule’s event pattern to match EC2 security group creation and modification events. Configure the rule to invoke the Lambda function.
  • D. Create an Amazon EventBridge custom event bus that subscribes to events from all AWS services. Configure the Lambda function to be invoked by the custom event bus.
Suggested Answer: C
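Option C in working form, as an added example that is not part of the question or of any comment below: the EventBridge event pattern for a rule on the default event bus, and the remediation logic that the Lambda function described in the question would run (take the security group ID from the event, revoke every ingress rule open to 0.0.0.0/0 or ::/0, publish to SNS). The sample event, the security group ID, the rule data, the fake clients and the topic ARN are all constructed placeholders, and boto3 is imported only when real clients are not injected, so the block runs offline.

```python
"""Added example: EventBridge rule pattern plus Lambda remediation for open security group rules."""
import json
import os

# Event pattern for an EventBridge rule on the DEFAULT event bus (option C). EC2 API calls
# recorded by CloudTrail reach the default bus as "AWS API Call via CloudTrail" events.
EVENT_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["ec2.amazonaws.com"],
        "eventName": ["AuthorizeSecurityGroupIngress", "ModifySecurityGroupRules", "CreateSecurityGroup"],
    },
}

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"


def extract_group_id(event):
    """Pull the security group ID out of the CloudTrail detail (request side, else response side)."""
    detail = event.get("detail", {})
    request = detail.get("requestParameters") or {}
    response = detail.get("responseElements") or {}
    return request.get("groupId") or response.get("groupId")


def unrestricted_permissions(ip_permissions):
    """For each ingress rule open to the world, return only the part that must be revoked."""
    to_revoke = []
    for perm in ip_permissions:
        v4 = [r for r in perm.get("IpRanges", []) if r.get("CidrIp") == ANY_IPV4]
        v6 = [r for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == ANY_IPV6]
        if not (v4 or v6):
            continue
        entry = {"IpProtocol": perm["IpProtocol"]}
        for key in ("FromPort", "ToPort"):  # absent when IpProtocol is "-1" (all traffic)
            if key in perm:
                entry[key] = perm[key]
        if v4:
            entry["IpRanges"] = [{"CidrIp": ANY_IPV4}]
        if v6:
            entry["Ipv6Ranges"] = [{"CidrIpv6": ANY_IPV6}]
        to_revoke.append(entry)
    return to_revoke


def handler(event, context=None, ec2=None, sns=None):
    """Lambda entry point. Clients are injectable so the logic can run offline; in Lambda, boto3 is used."""
    if ec2 is None or sns is None:
        import boto3  # present in the Lambda runtime; not needed for the offline run below
        ec2 = ec2 or boto3.client("ec2")
        sns = sns or boto3.client("sns")
    group_id = extract_group_id(event)
    if not group_id:
        return {"groupId": None, "revoked": []}
    group = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    to_revoke = unrestricted_permissions(group.get("IpPermissions", []))
    if to_revoke:
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=to_revoke)
        sns.publish(
            TopicArn=os.environ.get("SNS_TOPIC_ARN", "arn:aws:sns:REGION:ACCOUNT:PLACEHOLDER-TOPIC"),
            Subject=f"Unrestricted ingress removed from {group_id}",
            Message=json.dumps({"groupId": group_id, "revoked": to_revoke}, indent=2),
        )
    return {"groupId": group_id, "revoked": to_revoke}


# --- Constructed sample data and fake clients so the handler can be exercised offline ---
SAMPLE_EVENT = {  # shape of an EC2 CloudTrail event as EventBridge delivers it; values are made up
    "source": "aws.ec2",
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventSource": "ec2.amazonaws.com",
        "eventName": "AuthorizeSecurityGroupIngress",
        "requestParameters": {"groupId": "sg-0123456789abcdef0"},
    },
}

SAMPLE_PERMISSIONS = [  # constructed describe_security_groups output: one open rule, one internal-only
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
]


class FakeEc2:  # records calls instead of talking to AWS
    def __init__(self, permissions):
        self.permissions, self.revoked = permissions, []

    def describe_security_groups(self, GroupIds):
        return {"SecurityGroups": [{"GroupId": GroupIds[0], "IpPermissions": self.permissions}]}

    def revoke_security_group_ingress(self, GroupId, IpPermissions):
        self.revoked.append((GroupId, IpPermissions))
        return {"Return": True}


class FakeSns:
    def __init__(self):
        self.published = []

    def publish(self, **kwargs):
        self.published.append(kwargs)
        return {"MessageId": "constructed"}


if __name__ == "__main__":
    ec2, sns = FakeEc2(SAMPLE_PERMISSIONS), FakeSns()
    print(json.dumps(handler(SAMPLE_EVENT, ec2=ec2, sns=sns), indent=2))
    print("notifications sent:", len(sns.published))
```

The revoke payload only carries the world-open ranges, so the 10.0.0.0/8 entry on port 22 survives; revoking the whole rule would also drop legitimate access. The Lambda execution role needs `ec2:DescribeSecurityGroups`, `ec2:RevokeSecurityGroupIngress` and `sns:Publish`, and the EventBridge rule needs permission to invoke the function.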

Comments

thanhnv142
Highly Voted 9 months, 1 week ago
C is correct.
A: Lambda should be invoked by EventBridge.
B: we need to act when there are events, not on a schedule.
D: subscribing to events from ALL AWS services incurs a huge cost.
upvoted 6 times
01037
Most Recent 5 months, 3 weeks ago
Selected Answer: C
C of course. But A seems to work, and does AWS Config work in this situation?
upvoted 1 times
c3518fc
5 months, 3 weeks ago
Selected Answer: C
By creating an EventBridge event rule with the appropriate event pattern and configuring it to invoke the Lambda function, the DevOps engineer can effectively detect security group rule changes in near real-time, remove unrestricted rules, and send notifications to the security team. This solution leverages the event-driven architecture of EventBridge and the serverless execution of AWS Lambda, providing a scalable and efficient way to meet the company's security requirements.
upvoted 3 times
meriemheni
10 months, 1 week ago
Selected Answer: C
upvoted 2 times
madperro
1 year, 4 months ago
Selected Answer: C
C the default bus includes events from AWS services. https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-bus.html
upvoted 4 times
bcx
1 year, 5 months ago
Selected Answer: C
Wrong answers:
A. SNS is used here to send a notification post-facto.
B. The question requires "near real time"; an hour is not "near real time".
D. AWS events come on the default event bus; you do not need a custom event bus.
upvoted 4 times
Aja1
1 year, 2 months ago
The default event bus in each account receives events from AWS services. A custom event bus sends events to or receives events from a different account. A custom event bus sends events to or receives events from a different Region to aggregate events in a single location. A partner event bus receives events from a SaaS partner.
upvoted 4 times
haazybanj
1 year, 6 months ago
Selected Answer: C
To meet the requirements, the DevOps engineer should create an Amazon EventBridge event rule that has the default event bus as the source. The rule's event pattern should match EC2 security group creation and modification events, and it should be configured to invoke the Lambda function. This solution will allow for near real-time detection of security group rule changes and will trigger the Lambda function to remove any unrestricted rules and send email notifications to the security team.
upvoted 4 times
alce2020
1 year, 6 months ago
C is the answer
upvoted 2 times
5aga
1 year, 6 months ago
Selected Answer: C
C. Create an Amazon EventBridge event rule that has the default event bus as the source. Define the rule’s event pattern to match EC2 security group creation and modification events. Configure the rule to invoke the Lambda function. The solution requires near real-time detection of changes to security group rules and immediate action to remove unrestricted rules and send email notifications to the security team. The AWS Lambda function created by the DevOps engineer can perform these actions, but it needs to be invoked whenever a security group rule is modified. Amazon EventBridge is a serverless event bus service that can receive and process events from various AWS services, including Amazon EC2 and Amazon SNS. An EventBridge event rule with the default event bus as the source can be created to match EC2 security group creation and modification events. This rule can then be configured to invoke the Lambda function, which can remove unrestricted rules and send email notifications to the security team.
upvoted 4 times
ele
1 year, 6 months ago
Selected Answer: C
https://repost.aws/knowledge-center/monitor-security-group-changes-ec2
upvoted 3 times
Community vote distribution: A (35%), C (25%), B (20%), Other