ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 240 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 240
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company is implementing a customized notification solution to detect repeated unauthorized authentication attempts to bastion hosts. The company’s security engineer needs to implement a solution that will provide notification when 5 failed attempts occur within a 5-minute period. The solution must use native AWS services and must notify only the designated system administrator who is assigned to the specific bastion host.

Which solution will meet these requirements?

  • A. Use the Amazon CloudWatch agent to collect operating system logs. Use Amazon EventBridge to configure an alarm based on a metric filter for failed login attempts. Send an alert to Amazon Simple Notification Service (Amazon SNS) when the defined threshold for the alarm is exceeded. Use Amazon EC2 instance tags to determine which SNS topics receive notifications.
  • B. Use AWS Systems Manager Agent to collect operating system logs. Use the Systems Manager Run Command AWS-ConfigureCloudWatch document to configure an Amazon EventBridge event based on a metric filter for failed login attempts. Send an alert to Amazon Simple Notification Service (Amazon SNS) when the defined threshold for the alarm is exceeded. Use SNS messaging filters to control who receives notifications.
  • C. Use the Amazon CloudWatch agent to collect operating system logs. Create a CloudWatch alarm based on a metric filter for failed login attempts. Send an alert to Amazon Simple Notification Servige (Amazon SNS) when the defined threshold for the alarm is exceeded. Use SNS messaging filters to control who receives notifications.
  • D. Use AWS Systems Manager Agent to collect operating system logs. Use the Systems Manager Run Command AWS-ConfigureCloudWatch document to configure an Amazon CloudWatch alarm based on a metric filter for failed login attempts. Send an alert to Amazon Simple Notification Service (Amazon SNS) when the defined threshold for the alarm is exceeded. Use EC2 instance tags to determine which SNS topics receive notifications.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by koo_kai at Nov. 3, 2024, 2:43 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
itsjunukim
1 week, 2 days ago
Selected Answer: A
Notify only the designated system administrator who is assigned to the specific bastion host.
upvoted 1 times
...
phmeeeee
3 weeks, 1 day ago
Selected Answer: C
C - Retreiving the logs and send it to CloudWatch -> Create metrics filter -> Send alarm when over threshold -> SNS to designated system administrator. A - We are no need EventBridge to send the event based on cloudwatch metrics filter. B&D - is allow you to manage the EC2 instance like patch or automation and not for collect the log or log pasring.
upvoted 1 times
...
chang4li
3 months, 2 weeks ago
Selected Answer: D
"must notify only the designated system administrator who is assigned to the specific bastion host."
upvoted 1 times
...
Pmktechno
4 months ago
Selected Answer: A
Amazon CloudWatch agent can collect operating system logs, including login attempts. Amazon EventBridge can be used to create rules that trigger alarms based on specific patterns in the logs, such as failed login attempts. Amazon SNS can send notifications when the alarm threshold is exceeded. Using EC2 instance tags allows you to direct notifications to the appropriate SNS topics, ensuring that only the designated system administrator for the specific bastion host receives the alerts. This solution leverages native AWS services effectively and minimizes operational overhead by automating the detection and notification process.
upvoted 1 times
...
IPLogic
4 months, 3 weeks ago
Selected Answer: C
CloudWatch Agent and Logs: The Amazon CloudWatch agent is configured to collect operating system logs, making it an ideal choice for monitoring failed login attempts. CloudWatch Alarm and Metric Filter: Creating a CloudWatch alarm based on a metric filter for failed login attempts ensures that you can set up precise conditions, such as 5 failed attempts within a 5-minute period. SNS and Messaging Filters: Amazon SNS is used to send alerts when the threshold is exceeded. SNS messaging filters can be used to control who receives notifications, ensuring that only the designated system administrator for the specific bastion host is notified. Option A includes using EventBridge to configure the alarm, which is an additional layer that isn't necessary for this specific requirement.
upvoted 1 times
...
723993f
5 months, 1 week ago
Selected Answer: A
the difference between A and C is that A uses event bridge and tags that can be referenced to route the request to a different sns topic each time, while C uses a single sns and no eventbridge A is the answer because correct routing is an important aspect in the requirements
upvoted 1 times
...
k23319
5 months, 1 week ago
Selected Answer: C
No need for Eventbridge, use cloudwatch alarms
upvoted 1 times
...
koo_kai
5 months, 4 weeks ago
Selected Answer: C
Use metrics filter
upvoted 1 times
ericxw
5 months, 2 weeks ago
both A/C contains use metric filter
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago