ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 71 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 71
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A DevOps engineer at a company is supporting an AWS environment in which all users use AWS IAM Identity Center (AWS Single Sign-On). The company wants to immediately disable credentials of any new IAM user and wants the security team to receive a notification.
Which combination of steps should the DevOps engineer take to meet these requirements? (Choose three.)

  • A. Create an Amazon EventBridge rule that reacts to an IAM CreateUser API call in AWS CloudTrail.
  • B. Create an Amazon EventBridge rule that reacts to an IAM GetLoginProfile API call in AWS CloudTrail.
  • C. Create an AWS Lambda function that is a target of the EventBridge rule. Configure the Lambda function to disable any access keys and delete the login profiles that are associated with the IAM user.
  • D. Create an AWS Lambda function that is a target of the EventBridge rule. Configure the Lambda function to delete the login profiles that are associated with the IAM user.
  • E. Create an Amazon Simple Notification Service (Amazon SNS) topic that is a target of the EventBridge rule. Subscribe the security team's group email address to the topic.
  • F. Create an Amazon Simple Queue Service (Amazon SQS) queue that is a target of the Lambda function. Subscribe the security team's group email address to the queue.
Show Suggested Answer Hide Answer
Suggested Answer: ACE 🗳️
by haazybanj at May 3, 2023, 6:32 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mrjaehong
7 months, 2 weeks ago
The IAM user that was created cannot have an access key from the beginning. You need to log in and get an access key.
upvoted 1 times
...
0b005fc
1 year, 2 months ago
Took the test 4/15 and passed. Almost all of the questions appeared. ACE is correct.
upvoted 1 times
...
thanhnv142
1 year, 4 months ago
ACE are correct: <disable credentials of any new IAM user> means disable all access key and profile related to the user. <the security team to receive a notification> means SNS B: GetLoginProfile API is not equal to creating new user D: we should delete all access key and profile related to the user, not just profile F: we need SNS, not SQS
upvoted 4 times
...
khchan123
1 year, 5 months ago
Selected Answer: ACE
Answer ACE
upvoted 2 times
...
yuliaqwerty
1 year, 5 months ago
Answer ACE
upvoted 1 times
...
Snape
1 year, 11 months ago
Selected Answer: ACE
No Brainer
upvoted 3 times
...
Jeanphi72
2 years, 1 month ago
Selected Answer: ACE
My answer ACE
upvoted 4 times
...
haazybanj
2 years, 1 month ago
Selected Answer: ACE
ACE is the right answer
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel