Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 603 discussion

A company hosts its web applications in the AWS Cloud. The company configures Elastic Load Balancers to use certificates that are imported into AWS Certificate Manager (ACM). The company's security team must be notified 30 days before the expiration of each certificate.
What should a solutions architect recommend to meet this requirement?

  • A. Add a rule in ACM to publish a custom message to an Amazon Simple Notification Service (Amazon SNS) topic every day, beginning 30 days before any certificate will expire.
  • B. Create an AWS Config rule that checks for certificates that will expire within 30 days. Configure Amazon EventBridge (Amazon CloudWatch Events) to invoke a custom alert by way of Amazon Simple Notification Service (Amazon SNS) when AWS Config reports a noncompliant resource.
  • C. Use AWS Trusted Advisor to check for certificates that will expire within 30 days. Create an Amazon CloudWatch alarm that is based on Trusted Advisor metrics for check status changes. Configure the alarm to send a custom alert by way of Amazon Simple Notification Service (Amazon SNS).
  • D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to detect any certificates that will expire within 30 days. Configure the rule to invoke an AWS Lambda function. Configure the Lambda function to send a custom alert by way of Amazon Simple Notification Service (Amazon SNS).
Suggested Answer: B

Comments

nymets
Highly Voted 2 years, 8 months ago
Selected Answer: B
AWS Config rule + EventBridge. The answer is explained here - https://aws.amazon.com/premiumsupport/knowledge-center/acm-certificate-expiration/
upvoted 5 times
...
BECAUSE
Most Recent 1 year, 11 months ago
Selected Answer: D
D is the answer
upvoted 1 times
...
sassy2023
2 years, 3 months ago
Selected Answer: D
D seems correct “The first of the two options I describe is to use the ACM built-in Certificate Expiration event, which is raised through Amazon EventBridge, to invoke a Lambda function. In this option, the function is configured to publish the result as a finding in Security Hub, and also as an SNS topic used for email subscriptions. As a result, an administrator can be notified of a specific expiring certificate, or an IT service management (ITSM) system can automatically open a case or incident through email or SNS.” https://aws.amazon.com/blogs/security/how-to-monitor-expirations-of-imported-certificates-in-aws-certificate-manager-acm/
upvoted 1 times
...
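The EventBridge-to-Lambda-to-SNS flow quoted in the comment above, sketched as an added example (not part of any commenter's post and not AWS's own code). It assumes the shape of ACM's "ACM Certificate Approaching Expiration" event (`DaysToExpiry`, `CommonName`) and applies the 30-day window inside the function; the topic ARN, account ID and sample event are placeholders constructed here.

```python
import json

THRESHOLD_DAYS = 30  # notification window stated in the question
# Placeholder topic ARN (assumption, not from the page)
TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:cert-expiry-alerts"
EXPIRY_EVENT = "ACM Certificate Approaching Expiration"


def build_alert(event, threshold_days=THRESHOLD_DAYS):
    """Return SNS Subject/Message for a certificate inside the window, else None."""
    if event.get("source") != "aws.acm" or event.get("detail-type") != EXPIRY_EVENT:
        return None  # not the ACM expiration event
    detail = event.get("detail") or {}
    days = detail.get("DaysToExpiry")
    if not isinstance(days, int) or days > threshold_days:
        return None  # malformed event, or expiry still outside the window
    name = detail.get("CommonName", "<unknown>")
    body = {
        "certificate_arns": event.get("resources", []),
        "common_name": name,
        "days_to_expiry": days,
        "account": event.get("account"),
    }
    # SNS rejects subjects longer than 100 characters, so truncate.
    subject = f"ACM certificate expires in {days} days: {name}"[:100]
    return {"Subject": subject, "Message": json.dumps(body, indent=2)}


def lambda_handler(event, context, publish=None):
    """Lambda entry point; `publish` is injectable so the logic runs offline."""
    alert = build_alert(event)
    if alert is None:
        return {"notified": False}
    if publish is None:
        import boto3  # only needed inside Lambda
        publish = boto3.client("sns").publish
    publish(TopicArn=TOPIC_ARN, **alert)
    return {"notified": True, "subject": alert["Subject"]}


# Constructed sample event (account ID and ARN are placeholders)
SAMPLE_EVENT = {
    "source": "aws.acm",
    "detail-type": EXPIRY_EVENT,
    "account": "111122223333",
    "resources": ["arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE-ID"],
    "detail": {"DaysToExpiry": 29, "CommonName": "www.example.com"},
}
```

Events that arrive while `DaysToExpiry` is still above 30, or that lack the field, are dropped without publishing, so the security team is only alerted inside the required window.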
sivasumanth
2 years, 7 months ago
Selected Answer: B
I will go with B. D is out because of the extra Lambda invocation to send out the notification, which can be avoided.
upvoted 2 times
...
Daepark
2 years, 7 months ago
Selected Answer: D
B sounds good but it goes too distant as it mentions "invoke SNS when AWS Config reports noncompliance resources" additionally. The question only asks about expiration notification. So D should be correct. This question is indeed question-question... tricky but competitive one. https://docs.aws.amazon.com/acm/latest/userguide/supported-events.html
upvoted 1 times
...
guptatrng
2 years, 8 months ago
Confused between A and D... but will go for D
upvoted 1 times
...