Exam AWS Certified Solutions Architect - Professional All Questions

Exam AWS Certified Solutions Architect - Professional topic 1 question 915 discussion

A company is running an application in the AWS Cloud. The company's security team must approve the creation of all new IAM users. When a new IAM user is created, all access for the user must be removed automatically. The security team must then receive a notification to approve the user. The company has a multi-Region AWS CloudTrail trail in the AWS account.
Which combination of steps will meet these requirements? (Choose three.)

  • A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule. Define a pattern with the detail-type value set to AWS API Call via CloudTrail and an eventName of CreateUser.
  • B. Configure CloudTrail to send a notification for the CreateUser event to an Amazon Simple Notification Service (Amazon SNS) topic.
  • C. Invoke a container that runs in Amazon Elastic Container Service (Amazon ECS) with AWS Fargate technology to remove access.
  • D. Invoke an AWS Step Functions state machine to remove access.
  • E. Use Amazon Simple Notification Service (Amazon SNS) to notify the security team.
  • F. Use Amazon Pinpoint to notify the security team.
Suggested Answer: ADE
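As an added example that is not part of the exam question or any comment, this Python handler sketches what the ADE design runs once EventBridge matches a CloudTrail CreateUser event: the event pattern from option A, the access-removal work a Step Functions task (option D) would perform, and the SNS notification (option E). The IAM and SNS calls use real boto3 method names; the RecordingClient, the sample event, the account and user names, and the inline deny policy named PendingSecurityApproval are constructed assumptions so the example runs offline.

```python
import json

# Option A: EventBridge event pattern for CloudTrail-delivered CreateUser calls.
CREATE_USER_PATTERN = {
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["iam.amazonaws.com"], "eventName": ["CreateUser"]},
}
# Explicit Deny overrides any Allow granted later, until security lifts it (assumed name below).
DENY_ALL = {"Version": "2012-10-17", "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}]}

def matches(pattern, event):
    """Minimal EventBridge matcher: each pattern key must exist with one of the listed values."""
    if isinstance(pattern, list):
        return event in pattern
    return isinstance(event, dict) and all(
        k in event and matches(v, event[k]) for k, v in pattern.items())

def quarantine_user(event, iam, sns, topic_arn):
    """Options D/E: strip the new user's access, then notify security. iam/sns are boto3-style clients."""
    if not matches(CREATE_USER_PATTERN, event):
        return None  # not a CreateUser event: nothing to do
    user = event["detail"]["requestParameters"]["userName"]
    for p in iam.list_attached_user_policies(UserName=user).get("AttachedPolicies", []):
        iam.detach_user_policy(UserName=user, PolicyArn=p["PolicyArn"])
    for g in iam.list_groups_for_user(UserName=user).get("Groups", []):
        iam.remove_user_from_group(GroupName=g["GroupName"], UserName=user)
    for k in iam.list_access_keys(UserName=user).get("AccessKeyMetadata", []):
        iam.update_access_key(UserName=user, AccessKeyId=k["AccessKeyId"], Status="Inactive")
    iam.put_user_policy(UserName=user, PolicyName="PendingSecurityApproval",
                        PolicyDocument=json.dumps(DENY_ALL))
    summary = {"user": user, "createdBy": event["detail"]["userIdentity"].get("arn", "unknown")}
    sns.publish(TopicArn=topic_arn, Subject=f"IAM user {user} awaiting approval",
                Message=json.dumps(summary))
    return summary

class RecordingClient:
    """Constructed offline stand-in for a boto3 client: list_* answered from state, calls recorded."""
    def __init__(self, state=None):
        self.state, self.calls = state or {}, []
    def __getattr__(self, name):
        def call(**kw):
            self.calls.append((name, kw))
            return self.state.get(name, {})
        return call

# Constructed sample event in the shape EventBridge delivers CloudTrail API calls.
SAMPLE_EVENT = {"detail-type": "AWS API Call via CloudTrail",
                "detail": {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
                           "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
                           "requestParameters": {"userName": "new-contractor"}}}
```

In production the two RecordingClient instances are replaced by `boto3.client("iam")` and `boto3.client("sns")`, and the security team removes the PendingSecurityApproval inline policy when they approve the user.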

Comments

aewis
1 year, 4 months ago
Correct ADE
upvoted 1 times
ggrodskiy
1 year, 10 months ago
Correct ADE.
upvoted 1 times
masetromain
2 years, 4 months ago
Selected Answer: ADE
A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule. Define a pattern with the detail-type value set to AWS API Call via CloudTrail and an eventName of CreateUser.
D. Invoke an AWS Step Functions state machine to remove access.
E. Use Amazon Simple Notification Service (Amazon SNS) to notify the security team.
A: By creating an Amazon EventBridge (CloudWatch Events) rule, the company can monitor the CreateUser event, which is emitted by CloudTrail when a new IAM user is created.
D: Invoking an AWS Step Functions state machine is a powerful way to automate a set of actions. In this case, a state machine can be created to remove the access of the new IAM user.
E: Using Amazon SNS to notify the security team, the company can send a message to the security team with the details of the new user, so they can review and approve the user.
upvoted 1 times
masetromain
2 years, 4 months ago
B: Configuring CloudTrail to send notifications to an Amazon SNS topic is a good way to get notified of certain events, but in this case it is not necessary because the CloudTrail event is already being captured by the EventBridge rule.
C: Invoking a container running in Amazon Elastic Container Service (Amazon ECS) with AWS Fargate technology to remove access is an alternative method to remove access, but it's not necessary in this case, as AWS Step Functions is a managed service that can be used to create and run state machines, and it has the capability of removing access.
F: Using Amazon Pinpoint to notify the security team is another way to notify the team, but not necessary in this case since SNS is sufficient for this requirement.
upvoted 1 times
janvandermerwer
2 years, 6 months ago
Selected Answer: ADE
A - Yes - Scan CloudTrail for API call
B - No - Doesn't tie in with other solutions very well
C - No - Seems pricey when Lambda or Step Functions could do the same thing
D - Yes - I guess?
E - Yes - Notify the team as per requirement
F - No - Marketing solution, not really suitable for this scenario.
upvoted 1 times
Ell89
2 years, 7 months ago
Selected Answer: ADE
A D and E
upvoted 1 times
pixepe
2 years, 8 months ago
Answer - A, D and E. B is INCORRECT because SNS notification is NOT at event level, it is at log file level, and one log file can have multiple events. From AWS: "CloudTrail stores multiple events in a log file. When you enable this option, Amazon SNS notifications are sent for every log file delivery to your S3 bucket, not for every event." -> B is NOT correct
upvoted 2 times
AwsBRFan
2 years, 8 months ago
Selected Answer: ADE
Yeah maybe ADE - https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/send-a-notification-when-an-iam-user-is-created.html
upvoted 3 times
AwsBRFan
2 years, 8 months ago
Selected Answer: BDE
Maybe BDE - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/configure-sns-notifications-for-cloudtrail.html
upvoted 2 times
cale
2 years, 8 months ago
Selected Answer: ADE
I also think it's A, D, E. Step Functions invoked by EventBridge.
upvoted 1 times
SGES
2 years, 8 months ago
ADE - My opinion
upvoted 1 times
Rocketeer
2 years, 8 months ago
Why not ADE
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other