Exam AWS DevOps Engineer Professional topic 1 question 44 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 44
Topic #: 1

A highly regulated company has a policy that DevOps Engineers should not log in to their Amazon EC2 instances except in emergencies. If a DevOps Engineer does log in, the Security team must be notified within 15 minutes of the occurrence.
Which solution will meet these requirements?

  • A. Install the Amazon Inspector agent on each EC2 instance. Subscribe to Amazon CloudWatch Events notifications. Trigger an AWS Lambda function to check if a message is about user logins. If it is, send a notification to the Security team using Amazon SNS.
  • B. Install the Amazon CloudWatch agent on each EC2 instance. Configure the agent to push all logs to Amazon CloudWatch Logs and set up a CloudWatch metric filter that searches for user logins. If a login is found, send a notification to the Security team using Amazon SNS.
  • C. Set up AWS CloudTrail with Amazon CloudWatch Logs. Subscribe CloudWatch Logs to Amazon Kinesis. Attach AWS Lambda to Kinesis to parse and determine if a log contains a user login. If it does, send a notification to the Security team using Amazon SNS.
  • D. Set up a script on each Amazon EC2 instance to push all logs to Amazon S3. Set up an S3 event to trigger an AWS Lambda function, which triggers an Amazon Athena query to run. The Athena query checks for logins and sends the output to the Security team using Amazon SNS.
Suggested Answer: B 🗳️

Comments

jxp09
Highly Voted 3 years, 6 months ago
https://aws.amazon.com/blogs/security/how-to-monitor-and-visualize-failed-ssh-access-attempts-to-amazon-ec2-linux-instances/ B
upvoted 14 times
saeidp
2 years, 4 months ago
Thanks for the link
upvoted 1 times
svjl
3 years, 6 months ago
This is not about failed access.
upvoted 1 times
GreatFunana
3 years, 4 months ago
Bruh. Stop being that person who just reads the URL string and doesn't bother to read or at least skim the article. The technique listed in here could easily be adapted for login attempts.
upvoted 3 times
GreatFunana
3 years, 4 months ago
Excuse me, the technique listed in here could easily be adapted for successful logins*
upvoted 2 times
bnagaraja9099
3 years, 6 months ago
Thanks for the link
upvoted 1 times
MikeyJ
2 years, 7 months ago
A CloudWatch Logs agent runs on each EC2 instance. The agents are configured to send SSH logs from the EC2 instance to a log stream identified by an instance ID. Log streams are aggregated into a log group. As a result, one log group contains all the logs you want to analyze from one or more instances. You apply metric filters to a log group in order to search for specific keywords. When the metric filter finds specific keywords, the filter counts the occurrences of the keywords in a time-based sliding window. If the occurrence of a keyword exceeds the CloudWatch alarm threshold, an alarm is triggered.
upvoted 2 times
YR4591
Most Recent 1 year, 6 months ago
Selected Answer: B
B, the CloudWatch agent can collect OS logs, including SSH logins
upvoted 1 times
frizzolo
1 year, 7 months ago
vote for B
upvoted 1 times
ParagSanyashiv
1 year, 12 months ago
Selected Answer: B
B is more suitable answer for this scenario.
upvoted 2 times
skkakarla
2 years, 2 months ago
The SSH example given in other comments is only for Linux. The question asks about EC2, so we have to factor in other types as well. So C seems the better option, as with CloudTrail we are still able to meet the 15-min timeline
upvoted 1 times
Piccaso
2 years, 2 months ago
Selected Answer: C
A and B are eliminated, because it is error-prone to install something on each EC2 instance. D is more error-prone.
upvoted 1 times
Piccaso
2 years, 2 months ago
I am in the second round, now I pick B.
upvoted 1 times
Bulti
2 years, 3 months ago
Answer is B. Within 15 min is the key. CloudTrail logs cannot be analyzed within 15 min as they don't get to CloudWatch Logs within 15 min.
upvoted 1 times
saeidp
2 years, 4 months ago
B is correct. A CloudWatch Logs agent runs on each EC2 instance. The agents are configured to send SSH logs from the EC2 instance to a log stream identified by an instance ID. https://aws.amazon.com/blogs/security/how-to-monitor-and-visualize-failed-ssh-access-attempts-to-amazon-ec2-linux-instances/
upvoted 2 times
whlq
2 years, 4 months ago
B. C is incorrect because CloudTrail logs can take up to 15 minutes to record an event.
upvoted 2 times
thuyeinaung
2 years, 2 months ago
yes, this is the point
upvoted 1 times
saggy4
2 years, 4 months ago
Selected Answer: B
A - Inspector is for managing vulnerabilities.
B - Correct answer, the CloudWatch agent can scan through the EC2 instances for SSH login logs.
C - Logging into an EC2 instance is not traced by CloudTrail (only if we use SSM, but nothing is mentioned about it in the question).
D - Too much work involved to do things.
upvoted 4 times
SatenderRathee
2 years, 4 months ago
Selected Answer: C
The correct solution is C. Setting up AWS CloudTrail with Amazon CloudWatch Logs, subscribing CloudWatch Logs to Amazon Kinesis, and attaching an AWS Lambda function to Kinesis to parse the logs and determine if they contain user logins will meet the requirements of the question. This solution will allow the Security team to be notified within 15 minutes of any user logins on the EC2 instances.
upvoted 1 times
flavins
2 years, 5 months ago
Selected Answer: B
B is correct because it is simple and fast. C is overkill and complicated.
upvoted 3 times
nebojsaMa
2 years, 5 months ago
C, as the explanation says: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-logging-and-monitoring.html
upvoted 1 times
SamHan
2 years, 7 months ago
Selected Answer: C
Ans: C. Login requests will be logged only in CloudTrail, not CloudWatch.
upvoted 3 times
MichaelExam
2 years, 7 months ago
C should be wrong, since the log of a login to an EC2 instance belongs to the OS level. CloudTrail doesn't log OS-level events.
upvoted 3 times
blueorca
3 years, 2 months ago
B is correct, as the question states within 15 minutes. If it says immediately then it would be C. There might be multiple options that can do it, we always need to pick the best one, which includes lowest possible cost as well.
upvoted 4 times
certking
3 years, 5 months ago
B would be a perfect answer if it mentioned creating a CloudWatch alarm: having a CloudWatch metric filter alone doesn't trigger anything. I think C is technically possible but involves too much overhead, such as building your Lambda function and paying for Kinesis. It's reinventing the wheel.
upvoted 2 times
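The pipeline MikeyJ describes (agent ships sshd log to a log group, metric filter counts keyword hits, alarm fires) and certking's point that a metric filter alone notifies nobody, worked through in code. This is an added example, not code from the page, from AWS or from the linked blog posts. The sshd lines are constructed to look like /var/log/secure output, and the log group name, file path and SNS topic ARN are assumptions; the filter emulation covers only the ?"phrase" any-of form of a CloudWatch Logs term pattern.

```python
"""Detect successful SSH logins the way answer B's CloudWatch metric filter would."""
import re
from dataclasses import dataclass

# Constructed sample of what sshd writes to /var/log/secure (Amazon Linux) or
# /var/log/auth.log (Ubuntu). Illustrative only, not captured from a real host.
SAMPLE_AUTH_LOG = """\
Mar  4 10:01:12 ip-10-0-1-23 sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 40212 ssh2
Mar  4 10:01:15 ip-10-0-1-23 sshd[1201]: Connection closed by invalid user admin 198.51.100.7 port 40212 [preauth]
Mar  4 10:03:40 ip-10-0-1-23 sshd[1250]: Accepted publickey for ec2-user from 203.0.113.5 port 51234 ssh2: RSA SHA256:abc123
Mar  4 10:03:40 ip-10-0-1-23 sshd[1250]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
Mar  4 10:07:02 ip-10-0-1-23 sshd[1302]: Accepted password for ubuntu from 203.0.113.9 port 51300 ssh2
Mar  4 10:09:55 ip-10-0-1-23 sshd[1350]: Failed publickey for ec2-user from 198.51.100.8 port 40500 ssh2: RSA SHA256:def456
"""

# CloudWatch agent config fragment: ship the auth log to one log group with one
# stream per instance. Log group name and file path are assumptions for this example.
AGENT_CONFIG = {
    "logs": {"logs_collected": {"files": {"collect_list": [{
        "file_path": "/var/log/secure",
        "log_group_name": "/security/ssh-auth",
        "log_stream_name": "{instance_id}",
    }]}}}
}

# Metric filter pattern. ?"phrase" terms are OR'd. sshd writes "Accepted ..." only
# on successful authentication, so failed attempts (svjl's concern) do not count.
METRIC_FILTER_PATTERN = '?"Accepted publickey" ?"Accepted password" ?"Accepted keyboard-interactive"'

# The alarm is the piece option B's wording leaves implicit: Sum over one 60 s
# period, threshold >= 1, action = SNS topic (ARN is an assumption). One period
# plus agent flush lag is far inside the 15-minute requirement.
ALARM = {
    "MetricName": "SuccessfulSshLogins",
    "Namespace": "Security/EC2",
    "Statistic": "Sum",
    "Period": 60,
    "EvaluationPeriods": 1,
    "Threshold": 1,
    "ComparisonOperator": "GreaterThanOrEqualToThreshold",
    "TreatMissingData": "notBreaching",  # minutes with no logins are not alarms
    "AlarmActions": ["arn:aws:sns:us-east-1:123456789012:security-team"],
}

ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)


@dataclass(frozen=True)
class SshLogin:
    user: str
    src: str
    method: str


def matches_filter(pattern: str, line: str) -> bool:
    """Emulate a CloudWatch Logs term filter built from ?"phrase" terms: any phrase present matches."""
    phrases = re.findall(r'\?"([^"]+)"', pattern)
    return any(p in line for p in phrases)


def extract_logins(log_text: str) -> list[SshLogin]:
    """Lines the metric filter would count, parsed into who logged in from where and how."""
    logins = []
    for line in log_text.splitlines():
        if not matches_filter(METRIC_FILTER_PATTERN, line):
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            logins.append(SshLogin(m["user"], m["src"], m["method"]))
    return logins


def alarm_fires(login_count: int, alarm: dict = ALARM) -> bool:
    """Metric Sum over one period compared against the alarm threshold."""
    return login_count >= alarm["Threshold"]


def within_notification_budget(alarm: dict = ALARM, budget_seconds: int = 15 * 60) -> bool:
    """The alarm's evaluation window must fit the 15-minute notification requirement."""
    return alarm["Period"] * alarm["EvaluationPeriods"] <= budget_seconds


def notification_message(logins: list[SshLogin]) -> str:
    """What the Security team wants to read; a bare CloudWatch alarm action only reports the breach."""
    lines = [f"{len(logins)} successful SSH login(s) on EC2 (policy: emergencies only):"]
    lines += [f"  {l.user} from {l.src} via {l.method}" for l in logins]
    return "\n".join(lines)


if __name__ == "__main__":
    found = extract_logins(SAMPLE_AUTH_LOG)
    print(notification_message(found))
    print("alarm fires:", alarm_fires(len(found)))
    print("within 15 min:", within_notification_budget())
```

Two things the exam options do not spell out but a practitioner needs: the metric filter only produces a number, so the SNS notification comes from a CloudWatch alarm on that metric (or from a Lambda subscribed to the log group if the message must carry user and source address); and the pattern above is Linux sshd specific, so for Windows instances (skkakarla's point) the same agent would collect the Security event log and the filter would match logon event ID 4624 instead.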
GVGREAT
3 years, 6 months ago
Answer is B https://medium.com/@matthewleearthur/alerting-on-successful-ec2-ssh-logins-6b97ccfb33eb
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other