ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 42 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 42
Topic #: 1
[All AWS Certified Security - Specialty Questions]

An application has been written that publishes custom metrics to Amazon CloudWatch. Recently, IAM changes have been made on the account and the metrics are no longer being reported.
Which of the following is the LEAST permissive solution that will allow the metrics to be delivered?

  • A. Add a statement to the IAM policy used by the application to allow logs:putLogEvents and logs:createLogStream
  • B. Modify the IAM role used by the application by adding the CloudWatchFullAccess managed policy.
  • C. Add a statement to the IAM policy used by the application to allow cloudwatch:putMetricData.
  • D. Add a trust relationship to the IAM role used by the application for cloudwatch.amazonaws.com.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by BillyC at Aug. 27, 2019, 2:46 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
DP15
Highly Voted 3 years, 9 months ago
I thing C is correct! As cloudwatch:putMetricData is required to create metrics.
upvoted 32 times
BillyC
3 years, 9 months ago
Yes C!
upvoted 9 times
...
cloudprincipal
3 years, 8 months ago
Agreed, C is the least permissive solution.
upvoted 3 times
...
...
hozefa
Highly Voted 3 years, 8 months ago
I had this question on my exam today. Correct answer is C
upvoted 16 times
...
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: C
C is the correct answer. Need "cloudwatch:putMetricData" action.
upvoted 1 times
...
matrpro
2 years, 2 months ago
Selected Answer: C
C is the correct one. They are asking for metrics in A we are talking about logs
upvoted 1 times
...
sandeep4537
2 years, 4 months ago
Its asking LEAST permission, so C is correct one. in Logstream is already there only, so only need to upload the data.
upvoted 1 times
...
hubekpeter
2 years, 7 months ago
Selected Answer: C
C is a correct answer, we are publishing custom metrics, not logs. You need to differentiate these to. https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricData.html
upvoted 3 times
...
boooliyooo
2 years, 7 months ago
Selected Answer: C
C: 1 action (lest) A: 2 action
upvoted 1 times
...
ryuhei
2 years, 11 months ago
Selected Answer: C
Answer:C
upvoted 2 times
...
sapien45
2 years, 11 months ago
Selected Answer: A
A custom metric publishing application has been created for Amazon CloudWatch
upvoted 1 times
...
Radhaghosh
3 years, 5 months ago
Answer C --> LEAST permissive option
upvoted 1 times
...
sanjaym
3 years, 8 months ago
Ans: C 100%
upvoted 1 times
...
DayQuil
3 years, 8 months ago
C. Only application metrics need to be published, not logs.
upvoted 1 times
...
NANDY666
3 years, 8 months ago
C is correct
upvoted 1 times
...
devjava
3 years, 8 months ago
Ans > C
upvoted 1 times
...
AfricanCloudGuru
3 years, 8 months ago
Ans (C)
upvoted 1 times
...
RaySmith
3 years, 8 months ago
C is correct
upvoted 2 times
...
RakeshTaninki
3 years, 8 months ago
Least privilege C is the answer
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel