ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 320 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 320
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company has multiple AWS accounts in an organization in AWS Organizations that has all features enabled. The company’s DevOps administrator needs to improve security across all the company's AWS accounts. The administrator needs to identify the top users and roles in use across all accounts.

Which solution will meet these requirements with the MOST operational efficiency?

  • A. Create a new organization trail in AWS CloudTrail. Configure the trail to send log events to Amazon CloudWatch Logs. Create a CloudWatch Contributor Insights rule for the userIdentity.arn log field. View the results in CloudWatch Contributor Insights.
  • B. Create an unused access analysis for the organization by using AWS Identity and Access Management Access Analyzer. Review the analyzer results and determine if each finding has the intended level of permissions required for the workload.
  • C. Create a new organization trail in AWS CloudTrail. Create a table in Amazon Athena that uses partition projection. Load the Athena table with CloudTrail data. Query the Athena table to find the top users and roles.
  • D. Generate a Service access report for each account by using Organizations. From the results, pull the last accessed date and last accessed by account fields to find the top users and roles.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by phu0298 at Nov. 21, 2024, 8:36 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Ky_24
Highly Voted 6 months ago
Selected Answer: C
You can use partition projection in Athena to optimize your queries by specifying how the logs are structured in S3. This makes the process of querying CloudTrail logs across multiple AWS accounts much more efficient.
upvoted 5 times
...
AWSLoverLoverLoverLoverLover
Most Recent 3 weeks, 6 days ago
Selected Answer: A
Which solution will meet these requirements with the MOST operational efficiency? Answer is A
upvoted 1 times
...
robotgeek
1 month ago
Selected Answer: A
What do you think "partition projection" has to do with the required scenario guys?
upvoted 1 times
...
Srikantha
2 months, 2 weeks ago
Selected Answer: C
This option provides the MOST operational efficiency because it: Aggregates CloudTrail logs from all AWS accounts using a single organization trail. Leverages Amazon Athena to analyze logs at scale with SQL-like queries. Allows for automated and repeatable querying to identify top users and roles across the entire organization. Partition projection reduces the need for manual partition management, improving performance and automation.
upvoted 1 times
...
teo2157
4 months, 2 weeks ago
Selected Answer: C
Voting for C, agree with Ky_24
upvoted 4 times
...
Erso
4 months, 4 weeks ago
Selected Answer: A
MOST operation efficency is the key point here
upvoted 1 times
...
teo2157
6 months ago
Selected Answer: C
Athena is much more efficient that CloudWatch Contributor Insights in this case
upvoted 4 times
...
f4b18ba
6 months, 4 weeks ago
Selected Answer: A
Option A provides a solution that is operationally efficient, scalable, and directly addresses the requirement to identify the top users and roles in use across all AWS accounts. By leveraging AWS services like CloudTrail and CloudWatch Contributor Insights, the DevOps administrator can gain real-time insights with minimal setup and maintenance effort.
upvoted 4 times
...
phu0298
7 months ago
C A: While Contributor Insights can identify the top contributors (e.g., users and roles), it is limited to specific log patterns and is more suited for real-time analysis. This option is not as operationally efficient for long-term, detailed analysis across all accounts.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel