Exam AWS Certified Security - Specialty topic 1 question 229 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 229
Topic #: 1

A company's security officer is concerned about the risk of AWS account root user logins and has assigned a security engineer to implement a notification solution for near-real-time alerts upon account root user logins.
How should the security engineer meet these requirements?

  • A. Create a cron job that runs a script to download the AWS IAM security credentials file, parse the file for account root user logins, and email the security team's distribution list.
  • B. Run AWS CloudTrail logs through Amazon CloudWatch Events to detect account root user logins and trigger an AWS Lambda function to send an Amazon SNS notification to the security team's distribution list.
  • C. Save AWS CloudTrail logs to an Amazon S3 bucket in the security team's account. Process the CloudTrail logs with the security engineer's logging solution for account root user logins. Send an Amazon SNS notification to the security team upon encountering the account root user login events.
  • D. Save VPC Flow Logs to an Amazon S3 bucket in the security team's account, and process the VPC Flow Logs with their logging solutions for account root user logins. Send an Amazon SNS notification to the security team upon encountering the account root user login events.
Suggested Answer: B
Reference:
https://aws.amazon.com/blogs/mt/monitor-and-notify-on-aws-account-root-user-activity/

Comments

cldy
Highly Voted 3 years, 6 months ago
B. Console login event in CWE
upvoted 21 times
...
sanjaym
Highly Voted 3 years, 6 months ago
Answer: B
upvoted 5 times
...
pal40sg
Most Recent 1 year, 11 months ago
Selected Answer: B
By using CloudTrail logs and CloudWatch Events, the security engineer can set up a rule to monitor for account root user logins. When a root user login event is detected in the CloudTrail logs, CloudWatch Events can trigger an AWS Lambda function. This Lambda function can then send an Amazon SNS notification to the security team's distribution list, providing near-real-time alerts for root user logins.
upvoted 1 times
...
Dmosh
2 years ago
Although you don't need the Lambda to implement this. B
upvoted 1 times
...
ITGURU51
2 years ago
One way to do this is by using an Amazon CloudWatch Events rule that detects any AWS account root user API events and triggers an AWS Lambda function. The Lambda function then processes the root API event and publishes a message to an Amazon SNS topic, where the subject contains the AWS account ID or AWS account alias where the root API call was detected and the type of API activity. The SNS topic then sends notifications to its email subscribers about this event. B
upvoted 1 times
...
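The rule-to-Lambda-to-SNS flow described in the comment above, as an added example that is not code from the thread or from AWS. The event pattern matches root activity delivered by CloudTrail; `matches` is a simplified local stand-in for rule evaluation, and the function names, the `SNS_TOPIC_ARN` variable and the sample events are assumptions constructed for illustration.

```python
import json
import os

# Rule event pattern: any root-user activity CloudTrail delivers (API calls, console sign-ins).
ROOT_EVENT_PATTERN = {
    "detail-type": ["AWS API Call via CloudTrail", "AWS Console Sign In via CloudTrail"],
    "detail": {"userIdentity": {"type": ["Root"]}},
}

# Constructed sample events (not real log data).
SAMPLE_ROOT_LOGIN = {
    "detail-type": "AWS Console Sign In via CloudTrail",
    "account": "111122223333",
    "detail": {
        "eventName": "ConsoleLogin", "eventTime": "2024-01-01T00:00:00Z",
        "sourceIPAddress": "203.0.113.10", "userIdentity": {"type": "Root"},
        "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"},
    },
}
SAMPLE_IAM_LOGIN = {**SAMPLE_ROOT_LOGIN, "detail": {"userIdentity": {"type": "IAMUser"}}}

def matches(pattern, event):
    """Simplified local matcher: dict means recurse, list means 'value is one of'."""
    for key, want in pattern.items():
        have = event.get(key) if isinstance(event, dict) else None
        if isinstance(want, dict):
            if not matches(want, have):
                return False
        elif have not in want:
            return False
    return True

def build_notification(event, account_alias=None):
    """Return (subject, message); the subject carries the account and the type of activity."""
    detail = event["detail"]
    account = account_alias or event.get("account", "unknown-account")
    subject = f"Root activity in {account}: {detail.get('eventName', 'unknown')}"
    body = {key: detail.get(key) for key in ("eventName", "eventTime", "sourceIPAddress")}
    body["mfaUsed"] = (detail.get("additionalEventData") or {}).get("MFAUsed")
    body["result"] = (detail.get("responseElements") or {}).get("ConsoleLogin")
    return subject[:100], json.dumps(body, indent=2)  # SNS subjects are capped at 100 chars

def lambda_handler(event, context):
    if not matches(ROOT_EVENT_PATTERN, event):  # defence in depth; the rule already filters
        return {"published": False}
    import boto3  # lazy import so the helpers run offline; SNS_TOPIC_ARN is an assumed name
    subject, message = build_notification(event)
    boto3.client("sns").publish(TopicArn=os.environ["SNS_TOPIC_ARN"], Subject=subject, Message=message)
    return {"published": True}
```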
dcasabona
2 years, 9 months ago
Selected Answer: B
Option B makes sense to me.
upvoted 1 times
...
Radhaghosh
3 years, 3 months ago
Question asks real time (C & D out) B. Run AWS CloudTrail logs through Amazon CloudWatch Events to detect account root user logins and trigger an AWS Lambda function to send an Amazon SNS notification to the security team's distribution list.
upvoted 1 times
...
kiev
3 years, 6 months ago
CT/CW/SNS equal B
upvoted 2 times
...
[Removed]
3 years, 7 months ago
B -- 100%
upvoted 4 times
...
viestner
3 years, 7 months ago
B . .sure
upvoted 4 times
...