Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 467 discussion

A security team needs to enforce the rotation of all IAM users' access keys every 90 days. If an access key is found to be older, the key must be made inactive and removed. A solutions architect must create a solution that will check for and remediate any keys older than 90 days.
Which solution meets these requirements with the LEAST operational effort?

  • A. Create an AWS Config rule to check for the key age. Configure the AWS Config rule to run an AWS Batch job to remove the key.
  • B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to check for the key age. Configure the rule to run an AWS Batch job to remove the key.
  • C. Create an AWS Config rule to check for the key age. Define an Amazon EventBridge (Amazon CloudWatch Events) rule to schedule an AWS Lambda function to remove the key.
  • D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to check for the key age. Define an EventBridge (CloudWatch Events) rule to run an AWS Batch job to remove the key.
Suggested Answer: C
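
The remediation step that option C hands to a scheduled Lambda function can be sketched as follows. This is an added example, not code from the exam or from AWS; `remediate_aged_keys`, `lambda_handler` and the `FakeIAM` stand-in (with its constructed key data) are hypothetical names, and only the boto3 IAM calls are real.

```python
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)  # rotation window from the question


def remediate_aged_keys(iam, now=None, max_age=MAX_KEY_AGE):
    """Deactivate, then delete, every IAM access key older than max_age.
    iam: a boto3 IAM client or a stand-in exposing the same methods.
    Returns the (user, access_key_id) pairs that were removed.
    """
    now = now or datetime.now(timezone.utc)
    removed = []
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            pages = iam.get_paginator("list_access_keys").paginate(UserName=name)
            for key in [k for p in pages for k in p["AccessKeyMetadata"]]:
                if now - key["CreateDate"] <= max_age:
                    continue  # still inside the rotation window
                key_id = key["AccessKeyId"]
                # Inactive first: the key stops working even if the delete fails.
                iam.update_access_key(UserName=name, AccessKeyId=key_id, Status="Inactive")
                iam.delete_access_key(UserName=name, AccessKeyId=key_id)
                removed.append((name, key_id))
    return removed


def lambda_handler(event, context):
    """Target of the EventBridge schedule; boto3 ships with the Lambda runtime."""
    import boto3
    return {"removed": remediate_aged_keys(boto3.client("iam"))}


class FakeIAM:
    """Constructed stand-in for the IAM client so the logic runs offline."""
    def __init__(self, keys):  # {user: {access_key_id: CreateDate}}
        self.keys, self.calls = keys, []
    def get_paginator(self, operation):
        return self
    def paginate(self, UserName=None):
        if UserName is None:
            return [{"Users": [{"UserName": u} for u in self.keys]}]
        return [{"AccessKeyMetadata": [{"AccessKeyId": k, "CreateDate": d}
                                       for k, d in self.keys[UserName].items()]}]
    def update_access_key(self, UserName, AccessKeyId, Status):
        self.calls.append(("update", AccessKeyId, Status))
    def delete_access_key(self, UserName, AccessKeyId):
        self.calls.append(("delete", AccessKeyId))
        del self.keys[UserName][AccessKeyId]
```

A key that is exactly 90 days old is left in place, since the requirement targets keys older than 90 days.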

Comments

Hizumi
Highly Voted 3 years, 7 months ago
Answer should be (C). The article posted in resources does not mention anything about AWS Batch, and Batch is used to configure resources and run data analytics workloads. We want to use AWS Config to assess and see whether the keys are in compliance and then automate and alert the necessary services by using EventBridge and Lambda instead, as the only other option available with the choices we have. https://aws.amazon.com/config/
upvoted 26 times
patriktre
3 years, 6 months ago
Agree with C. It is "strange" that the ExamTopics link provided with the answer: https://aws.amazon.com/blogs/mt/managing-aged-access-keys-through-aws-config-remediations/ points to the correct solution using the Lambda function, but despite that their answer is A. It is weird and misleading.
upvoted 8 times
Gomer
3 years, 5 months ago
ExamTopics does not create these exams or the answers. They do appear to rewrite the questions to differ somewhat from Amazon wording (avoid copyright). ExamTopics is a GOOD resource for trying to decipher what the true answer is, but it takes work.
upvoted 4 times
...
...
...
BECAUSE
Most Recent 1 year, 11 months ago
Selected Answer: C
C is the answer
upvoted 1 times
...
anhdao1211
2 years, 6 months ago
Selected Answer: A
A is correct, LEAST operational effort?
upvoted 1 times
...
Root_Access
2 years, 8 months ago
Selected Answer: A
You can check for compliance using Config, then run an SSM document that invokes Lambda and removes the key; you don't need EventBridge.
upvoted 1 times
...
exam_war
2 years, 8 months ago
Selected Answer: A
AWS auto remediation: https://aws.amazon.com/blogs/mt/managing-aged-access-keys-through-aws-config-remediations/
upvoted 1 times
...
Karthikeyan_nick
3 years ago
Requirement with "LEAST amount of operational effort". Answer: A
upvoted 1 times
...
examJack
3 years, 1 month ago
Selected Answer: C
* AWS Config provides a detailed view of the resources associated with your AWS account, including how they are configured, how they are related to one another, and how the configurations and their relationships have changed over time.
* Amazon EventBridge is a serverless event bus service that makes it easy to connect your applications with data from a variety of sources. EventBridge delivers a stream of real-time data from your own applications, software-as-a-service (SaaS) applications, and AWS services and routes that data to targets such as AWS Lambda. You can set up routing rules to determine where to send your data to build application architectures that react in real time to all of your data sources. EventBridge enables you to build event-driven architectures that are loosely coupled and distributed.
upvoted 4 times
...
azure_kai
3 years, 4 months ago
Selected Answer: C
Ans: C
upvoted 2 times
...
muhsin
3 years, 4 months ago
I think there is a typo in answer A. AWS Batch is probably AWS Systems Manager.
upvoted 1 times
...
jc966
3 years, 5 months ago
A https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsconfig.html
upvoted 2 times
jc966
3 years, 5 months ago
An option to enforce compliance is to use one of AWS Config’s features, automatic remediation. https://aws.amazon.com/blogs/mt/managing-aged-access-keys-through-aws-config-remediations/
upvoted 1 times
...
...
Jamati
3 years, 6 months ago
Agreed answer is C
upvoted 4 times
...