Exam AWS DevOps Engineer Professional topic 1 question 29 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 29
Topic #: 1

A company's DevOps engineer is working in a multi-account environment. The company uses AWS Transit Gateway to route all outbound traffic through a network operations account. In the network operations account, all account traffic passes through a firewall appliance for inspection before the traffic goes to an internet gateway.
The firewall appliance sends logs to Amazon CloudWatch Logs and includes event severities of CRITICAL, HIGH, MEDIUM, LOW, and INFO. The security team wants to receive an alert if any CRITICAL events occur.
What should the DevOps engineer do to meet these requirements?

  • A. Create an Amazon CloudWatch Synthetics canary to monitor the firewall state. If the firewall reaches a CRITICAL state or logs a CRITICAL event, use a CloudWatch alarm to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team's email address to the topic.
  • B. Create an Amazon CloudWatch metric filter by using a search for CRITICAL events. Publish a custom metric for the finding. Use a CloudWatch alarm based on the custom metric to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team's email address to the topic.
  • C. Enable Amazon GuardDuty in the network operations account. Configure GuardDuty to monitor flow logs. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule that is invoked by GuardDuty events that are CRITICAL. Define an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the security team's email address to the topic.
  • D. Use AWS Firewall Manager to apply consistent policies across all accounts. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule that is invoked by Firewall Manager events that are CRITICAL. Define an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the security team's email address to the topic.
Suggested Answer: B 🗳️
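
The pipeline described in option B, written out as a CloudFormation template. This is an added example, not part of the exam question or the discussion; the log group name, email address, metric namespace, and metric name are assumptions, and the term filter assumes the appliance writes the literal word CRITICAL into each such event.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Alert on CRITICAL firewall events (added example, names are assumptions)

Parameters:
  FirewallLogGroupName:        # assumption: log group the firewall appliance writes to
    Type: String
  SecurityTeamEmail:           # assumption: the security team's mailbox
    Type: String

Resources:
  SecurityAlertsTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Protocol: email
          Endpoint: !Ref SecurityTeamEmail

  # A metric filter is attached to one log group, so only events written to
  # the firewall's log group are evaluated against the pattern.
  CriticalEventFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref FirewallLogGroupName
      FilterPattern: '"CRITICAL"'          # term match on the severity string
      MetricTransformations:
        - MetricNamespace: Custom/Firewall # assumption: custom namespace
          MetricName: CriticalEventCount   # assumption: custom metric name
          MetricValue: "1"                 # each matching event adds 1

  CriticalEventAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: At least one CRITICAL firewall event in the last minute
      Namespace: Custom/Firewall
      MetricName: CriticalEventCount
      Statistic: Sum
      Period: 60
      EvaluationPeriods: 1
      Threshold: 1
      ComparisonOperator: GreaterThanOrEqualToThreshold
      TreatMissingData: notBreaching       # no matching events means no data, not an alarm
      AlarmActions:
        - !Ref SecurityAlertsTopic         # Ref on an SNS topic returns its ARN
```

The email subscription stays pending until the recipient confirms it, so no alert is delivered before that confirmation.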

Comments

animalrj
Highly Voted 2 years, 8 months ago
Selected Answer: B
If there were no logs being sent to CW, I would definitely go with GuardDuty. But GuardDuty is a Threat Detection based on VPCLogs, Cloud Trail, DNS Logs and EventBridge. In this question we need to analyse logs. That's the point.
upvoted 7 times
...
frizzolo
Most Recent 1 year, 9 months ago
Selected Answer: B
Vote for B
upvoted 2 times
...
m4r0ck
1 year, 11 months ago
Selected Answer: B
C could also be an answer but it's an overkill because it's not free and too much for a simple log extraction task based on term "CRITICAL" that can be achieved with just cloudwatch metric filters
upvoted 1 times
...
ram_rk
2 years ago
B https://www.examtopics.com/discussions/amazon/view/109224-exam-aws-certified-devops-engineer-professional-dop-c02/
upvoted 1 times
...
f3d3x15c0
2 years, 3 months ago
Selected Answer: B
B will alert CRITICAL from other apps, not only the firewall.
upvoted 2 times
...
Piccaso
2 years, 4 months ago
Selected Answer: A
B will alert CRITICAL from other apps, not only the firewall. C and D are excluded because CloudWatch is sufficient.
upvoted 1 times
Piccaso
2 years, 4 months ago
I agree with PepsNick. Amazon GuardDuty is even better.
upvoted 1 times
...
...
kerl
2 years, 4 months ago
Answer B Company using 3rd party to send log to cloudwatch.... "The firewall appliance sends logs to Amazon CloudWatch Logs and includes event severities of CRITICAL, HIGH, MEDIUM, LOW, and INFO"
upvoted 1 times
...
sasivarenan
2 years, 4 months ago
Selected Answer: C
GuardDuty is the right option to opt for suspicious traffic
upvoted 1 times
...
Bulti
2 years, 4 months ago
The answer is B as firewall appliances are already sending logs to Cloudwatch logs.
upvoted 4 times
...
PepsNick
2 years, 4 months ago
Selected Answer: C
Answer C is in fact correct. This blog has all the information required regarding GuardDuty https://aws.amazon.com/blogs/security/automatically-block-suspicious-traffic-with-aws-network-firewall-and-amazon-guardduty/
upvoted 3 times
...
Teonardo
2 years, 5 months ago
Selected Answer: B
C is not correct
upvoted 2 times
...
developer_404
2 years, 6 months ago
Selected Answer: B
They are just asking for receiving notification on critical severity which can be done by Cloudwatch metrics filter and SNS
upvoted 3 times
...
flavins
2 years, 7 months ago
I go with B since there is configuration in place that sends logs to CW
upvoted 3 times
...
colinquek
2 years, 9 months ago
Selected Answer: B
B - as the rest are not searching the logs
upvoted 2 times
...
ohcn
2 years, 9 months ago
Selected Answer: B
I go with B. Question only asks about receiving an alert in case any CRITICAL alert arises. C could be an option if the company, for example, wants to enhance firewall threat source detection. B keeps the solution simple. Refer to an example of solution using GuardDuty and Firewall - https://www.juniper.net/documentation/us/en/software/sky-atp/sky-atp/topics/topic-map/sky-atp-guardduty-srx-integration.html
upvoted 1 times
...
bigdood
2 years, 9 months ago
Since the logs are sent to Cloudwatch via the Firewall Appliance, filtering for the custom metric of CRITICAL from Cloudwatch would be the best response, thus, "B".
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted