ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 354 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 354
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company hosts an application in its AWS account. The application uses an Amazon S3 bucket to store objects that contain sensitive information.

The company needs to capture object-level S3 API calls, including calls that are rejected because the calls were made by using credentials that are not valid.

Which solution will meet these requirements?

  • A. Create an AWS CloudTrail trail in the account. Enable S3 data events logging. Configure the trail to log to Amazon CloudWatch.
  • B. Create a new S3 bucket. Configure access logging on the application's S3 bucket. Deliver the access logs to the new S3 bucket.
  • C. Configure Amazon GuardDuty with S3 protection enabled for the account. Create an Amazon EventBridge rule that matches findings that are associated with the S3 bucket. Configure the rule to use an Amazon Simple Queue Service (Amazon SQS) queue as the target.
  • D. Create an AWS CloudTrail trail and a new S3 bucket in the account. Configure the trail to log to the S3 new bucket.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by GripZA at April 22, 2025, 8:14 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Jonalb
3 weeks, 2 days ago
Selected Answer: A
To capture API calls at object level in the Amazon S3, including calls rejected by invalid credentials, you need to enable the "data events" in AWS CloudTrail. Cloudtrail is the only service that records all API calls, including: Putobject, GetObject, Deleteobject, etc. Authorized and unauthorized calls (eg, AccessDenied error or invalidationSKeyid). Date events are required to register object level operations in S3. Sending logs to Cloudwatch allows for real -time alerts and queries (optional, but helps visibility).
upvoted 1 times
...
gbemimatti
2 months ago
Selected Answer: A
Option A S3 Access Logs are great for basic access auditing and billing analysis, but they do not capture denied requests or IAM-level details. CloudTrail data events are the only service that logs both accepted and rejected S3 object-level API calls, fulfilling the security requirement.
upvoted 1 times
...
GripZA
4 months ago
Selected Answer: B
Server access logging provides detailed records for the requests that are made to a bucket. Server access logs are useful for many applications. For example, access log information can be useful in security and access audits. This information can also help you learn about your customer base and understand your Amazon S3 bill. best practice to use a new S3 bucket: When your source bucket and destination bucket are the same bucket, additional logs are created for the logs that are written to the bucket, which creates an infinite loop of logs. We do not recommend doing this because it could result in a small increase in your storage billing. https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel