Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 254 discussion

A company has a strict policy against using root credentials. The company’s security team wants to be alerted as soon as possible when root credentials are used to sign in to the AWS Management Console.

How should the security team achieve this goal?

  • A. Use AWS Lambda to periodically query AWS CloudTrail for console login events and send alerts using Amazon Simple Notification Service (Amazon SNS).
  • B. Use Amazon EventBridge to monitor console logins and direct them to Amazon Simple Notification Service (Amazon SNS).
  • C. Use Amazon Athena to query AWS IAM Identity Center logs and send alerts using Amazon Simple Notification Service (Amazon SNS) for root login events.
  • D. Configure AWS Resource Access Manager to review the access logs and send alerts using Amazon Simple Notification Service (Amazon SNS).
Suggested Answer: B

Comments

phmeeeee
3 weeks, 2 days ago
Selected Answer: B
B - To trigger the EventBridge based on root event
upvoted 1 times
TareDHakim
3 months, 4 weeks ago
Selected Answer: B
EventBridge, create a rule with the following event pattern:

    {
      "detail": {
        "eventName": ["ConsoleLogin"],
        "userIdentity": {
          "type": ["Root"]
        },
        "responseElements": {
          "ConsoleLogin": ["Success"]
        }
      }
    }

This ensures that only root user login events trigger the rule.
upvoted 1 times
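
Added example, not part of the thread: a small Python matcher that applies the event pattern from the comment above to constructed, trimmed CloudTrail sign-in events, to show which logins the rule would forward to SNS. The `matches`, `sign_in` and `alerts` helpers are hypothetical and cover only the exact-match subset of EventBridge pattern syntax that this pattern uses.

```python
# Event pattern as posted in the comment above.
PATTERN = {
    "detail": {
        "eventName": ["ConsoleLogin"],
        "userIdentity": {"type": ["Root"]},
        "responseElements": {"ConsoleLogin": ["Success"]},
    }
}

def matches(pattern, event):
    """True if every pattern field exists in the event and its value is one
    of the listed values (nested objects are matched recursively)."""
    for key, expected in pattern.items():
        if not isinstance(event, dict) or key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True

def sign_in(identity_type, result):
    """Build a constructed, trimmed console sign-in event for testing."""
    return {
        "detail-type": "AWS Console Sign In via CloudTrail",
        "source": "aws.signin",
        "detail": {
            "eventName": "ConsoleLogin",
            "userIdentity": {"type": identity_type},
            "responseElements": {"ConsoleLogin": result},
        },
    }

# Constructed sample events, not real log data.
SAMPLES = {
    "root success": sign_in("Root", "Success"),
    "root failure": sign_in("Root", "Failure"),
    "IAM user success": sign_in("IAMUser", "Success"),
}

def alerts():
    """Names of the sample events that the rule would send to the SNS topic."""
    return [name for name, ev in SAMPLES.items() if matches(PATTERN, ev)]

if __name__ == "__main__":
    for name, ev in SAMPLES.items():
        print(f"{name}: {'ALERT' if matches(PATTERN, ev) else 'no match'}")
```

Because the pattern filters on `"ConsoleLogin": ["Success"]`, the failed root sign-in sample does not match; a rule meant to alert on failed root attempts as well would omit the `responseElements` condition.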
IPLogic
4 months, 4 weeks ago
Selected Answer: B
The most effective way to achieve this goal is to use Amazon EventBridge.
  • EventBridge Rule: Create an EventBridge rule that triggers on console login events.
  • Target SNS Topic: Configure the rule to send notifications to an SNS topic.
  • SNS Subscriptions: Subscribe relevant security team members or security tools to the SNS topic.
This approach offers several advantages:
  • Real-time Monitoring: EventBridge can detect and respond to events in real-time, ensuring immediate alerts for root logins.
  • Scalability: EventBridge can handle a large volume of events efficiently, making it suitable for large-scale environments.
  • Flexibility: EventBridge can be integrated with various AWS services, allowing for customization and automation of response actions.
  • Cost-Effective: EventBridge is a serverless service, so you only pay for the resources consumed.
upvoted 1 times
IPLogic
4 months, 4 weeks ago
  • Option A: Using Lambda to periodically query CloudTrail can introduce latency and might not be as efficient as real-time monitoring.
  • Option C: IAM Identity Center logs might not provide the level of detail needed for root login detection.
  • Option D: Resource Access Manager is not designed for real-time monitoring of console login events.
By leveraging EventBridge, the security team can ensure timely detection and response to root login events, mitigating potential security risks.
upvoted 1 times
723993f
5 months, 1 week ago
Selected Answer: B
It tests you if you know that CloudTrail is enabled by default, which can be consumed by EventBridge and SNS for quick alerts.
upvoted 1 times