Exam AWS Certified Security - Specialty topic 1 question 305 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 305
Topic #: 1

A company has a strict policy against using root credentials. The company's security team wants to be alerted as soon as possible when root credentials are used to sign in to the AWS Management Console.
How should the security team achieve this goal?

  • A. Use AWS Lambda to periodically query AWS CloudTrail for console login events and send alerts using Amazon Simple Notification Service (Amazon SNS).
  • B. Use Amazon EventBridge (Amazon CloudWatch Events) to monitor console logins and direct them to Amazon Simple Notification Service (Amazon SNS).
  • C. Use Amazon Athena to query AWS SSO logs and send alerts using Amazon Simple Notification Service (Amazon SNS) for root login events.
  • D. Configure AWS Resource Access Manager to review the access logs and send alerts using Amazon Simple Notification Service (Amazon SNS).
Suggested Answer: B

Comments

Raphaello
1 year, 4 months ago
Selected Answer: B
B is correct.
upvoted 1 times
...
Toptip
2 years, 1 month ago
Selected Answer: B
B - EventBridge rule pattern can be used to monitor the CloudTrail/CloudWatch logs for specific log events (don't really need Lambda for that)
upvoted 2 times
...
awsec2
2 years, 6 months ago
B. Amazon EventBridge can be used to monitor console logins and trigger an event when a root login is detected. The event can then be directed to Amazon SNS, which can send an alert to the security team. This will allow the security team to be notified as soon as a root login occurs.
upvoted 2 times
...
lotfi50
3 years ago
Selected Answer: B
Answer is B
upvoted 1 times
...
AliS2020
3 years, 5 months ago
It should be B. In turn, CloudWatch integrates with Amazon Simple Notification Services (SNS). You can combine these three services in such a way that SNS will send you an email when CloudTrail detects root access key activity in your AWS account. https://aws.amazon.com/blogs/security/how-to-receive-notifications-when-your-aws-accounts-root-access-keys-are-used/
upvoted 4 times
Ayusef
3 years, 2 months ago
The problem with B is it does not mention CloudTrail at all. The whole scenario with B does not work without CloudTrail.
upvoted 1 times
...
...
RaySmith
3 years, 5 months ago
Answer is B https://aws.amazon.com/premiumsupport/knowledge-center/root-user-account-eventbridge-rule/
upvoted 4 times
...
argol
3 years, 6 months ago
Amazon CloudWatch Events "B" is the answer
upvoted 2 times
...
jayaj
3 years, 6 months ago
"want to be notified immediately" A - is Lambda to check CT periodically so not immediate. Has to be B - CW events.
upvoted 2 times
...
sam_live
3 years, 6 months ago
User login activities are auto enabled in CloudTrail. One can see Root user activities in CloudTrail logs, and they can be queried by using a function. A should be the answer.
upvoted 1 times
...
network_zeal
3 years, 6 months ago
B, CW events
upvoted 3 times
...
Ayusef
3 years, 6 months ago
None of these are the best answer, but of the choices I would say ...A... CloudTrail is the tool for identifying who, and SNS for notification.
upvoted 2 times
...
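The EventBridge-to-SNS approach in answer B, shown as an added example that is not part of the original question or any commenter's post: an event pattern for root console sign-ins, checked offline against constructed events. The matcher implements only the literal-list subset of EventBridge pattern matching, and the `sample` helper, account ID, IP address and timestamps are assumptions made for illustration.

```python
import json

# Event pattern for an EventBridge rule whose target is an SNS topic.
ROOT_LOGIN_PATTERN = {
    "detail-type": ["AWS Console Sign In via CloudTrail"],
    "detail": {"eventName": ["ConsoleLogin"],
               "userIdentity": {"type": ["Root"]}},
}

def matches(pattern, event):
    """Subset of EventBridge matching: objects recurse; a list of literals
    matches when the event's value equals any listed value."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True

def alert_for(event):
    """Text the SNS topic would carry for a matching event, else None."""
    if not matches(ROOT_LOGIN_PATTERN, event):
        return None
    d = event["detail"]
    outcome = (d.get("responseElements") or {}).get("ConsoleLogin", "Unknown")
    return (f"Root console sign-in ({outcome}) on account {event['account']} "
            f"from {d['sourceIPAddress']} at {d['eventTime']}")

def sample(detail_type, event_name, identity_type, outcome=None):
    """Constructed event in the CloudTrail-via-EventBridge shape."""
    detail = {"eventName": event_name, "eventTime": "2024-01-01T00:00:00Z",
              "sourceIPAddress": "203.0.113.10",
              "userIdentity": {"type": identity_type},
              "responseElements": {"ConsoleLogin": outcome} if outcome else None}
    return {"detail-type": detail_type, "account": "111122223333",
            "detail": detail}

SIGNIN = "AWS Console Sign In via CloudTrail"
ROOT_OK = sample(SIGNIN, "ConsoleLogin", "Root", "Success")
ROOT_FAIL = sample(SIGNIN, "ConsoleLogin", "Root", "Failure")
IAM_OK = sample(SIGNIN, "ConsoleLogin", "IAMUser", "Success")
ROOT_API = sample("AWS API Call via CloudTrail", "ListBuckets", "Root")

if __name__ == "__main__":
    print(json.dumps(ROOT_LOGIN_PATTERN, indent=2))  # JSON form for the rule
    for e in (ROOT_OK, ROOT_FAIL, IAM_OK, ROOT_API):
        print(alert_for(e))
```

Because the pattern does not filter on `responseElements`, failed root sign-in attempts raise an alert as well as successful ones.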