
Exam AWS DevOps Engineer Professional topic 1 question 151 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 151
Topic #: 1

A company uses a single AWS account to test applications on Amazon EC2 instances. The company has turned on AWS Config in the AWS account and has activated the restricted-ssh AWS Config managed rule.

The company needs an automated monitoring solution that will provide a customized notification in real time if any security group in the account is not compliant with the restricted-ssh rule. The customized notification must contain the name and ID of the noncompliant security group.

A DevOps engineer creates an Amazon Simple Notification Service (Amazon SNS) topic in the account and subscribes the appropriate personnel to the topic.

What should the DevOps engineer do next to meet these requirements?

  • A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that matches an AWS Config evaluation result of NON_COMPLIANT for the restricted-ssh rule. Configure an input transformer for the EventBridge (CloudWatch Events) rule. Configure the EventBridge (CloudWatch Events) rule to publish a notification to the SNS topic.
  • B. Configure AWS Config to send all evaluation results for the restricted-ssh rule to the SNS topic. Configure a filter policy on the SNS topic to send only notifications that contain the text of NON_COMPLIANT in the notification to subscribers.
  • C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that matches an AWS Config evaluation result of NON_COMPLIANT for the restricted-ssh rule. Configure the EventBridge (CloudWatch Events) rule to invoke AWS Systems Manager Run Command on the SNS topic to customize a notification and to publish the notification to the SNS topic.
  • D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that matches all AWS Config evaluation results of NON_COMPLIANT. Configure an input transformer for the restricted-ssh rule. Configure the EventBridge (CloudWatch Events) rule to publish a notification to the SNS topic.
Suggested Answer: A 🗳️
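Added example, not code from the exam page or from AWS: the rule in answer A written out as the event pattern and input transformer you would pass to `aws events put-rule` and `aws events put-targets`, with a small local evaluator that applies EventBridge's pattern-matching and placeholder-substitution semantics to constructed AWS Config compliance-change events. The event shape follows the documented "Config Rules Compliance Change" notification; the account number, region, `sg-` identifiers and the second rule name are made up. It also carries answer D's unscoped pattern to show why dropping `configRuleName` from the pattern forwards every rule's NON_COMPLIANT result. One practitioner caveat: the compliance-change event carries the resource ID and resource type, not the security group's name, so the template reports what the event actually contains.

```python
import json
import re

# Answer A: only NON_COMPLIANT results, only for the restricted-ssh rule.
# Every key in the pattern must be present in the event; a list means
# "the event value equals any of these".
EVENT_PATTERN_A = {
    "source": ["aws.config"],
    "detail-type": ["Config Rules Compliance Change"],
    "detail": {
        "messageType": ["ComplianceChangeNotification"],
        "configRuleName": ["restricted-ssh"],
        "newEvaluationResult": {"complianceType": ["NON_COMPLIANT"]},
    },
}

# Answer D drops the rule name, so every rule's NON_COMPLIANT result matches.
EVENT_PATTERN_D = {
    "source": ["aws.config"],
    "detail-type": ["Config Rules Compliance Change"],
    "detail": {"newEvaluationResult": {"complianceType": ["NON_COMPLIANT"]}},
}

# Input transformer: JSONPath extracts values, then <name> placeholders are
# filled in.  The event has resourceId/resourceType but no group name.
INPUT_TRANSFORMER = {
    "InputPathsMap": {
        "rule": "$.detail.configRuleName",
        "sg": "$.detail.resourceId",
        "rtype": "$.detail.resourceType",
        "account": "$.account",
        "region": "$.region",
    },
    "InputTemplate": '"<rtype> <sg> in <account>/<region> is NON_COMPLIANT with rule <rule>"',
}


def matches(pattern: dict, event: dict) -> bool:
    """Subset of EventBridge matching: nested dicts recurse, lists are
    exact-match alternatives, and a key missing from the event is a non-match."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        else:
            found = actual if isinstance(actual, list) else [actual]
            if not any(v in expected for v in found):
                return False
    return True


def jsonpath(path: str, event: dict):
    """Resolve the simple dotted JSONPaths used in InputPathsMap ($.a.b.c)."""
    node = event
    for part in path.lstrip("$").strip(".").split("."):
        node = node[part]
    return node


def transform(transformer: dict, event: dict) -> str:
    """Render InputTemplate: each <name> becomes its extracted value; the
    template is a JSON string literal, so decode it to the message text."""
    values = {k: jsonpath(p, event) for k, p in transformer["InputPathsMap"].items()}
    rendered = re.sub(r"<(\w+)>", lambda m: str(values[m.group(1)]),
                      transformer["InputTemplate"])
    return json.loads(rendered)


def notifications(pattern: dict, events: list) -> list:
    """The messages the SNS topic would receive for a rule using this pattern."""
    return [transform(INPUT_TRANSFORMER, e) for e in events if matches(pattern, e)]


def config_event(rule: str, sg: str, compliance: str) -> dict:
    """Constructed compliance-change event, trimmed to the fields that matter."""
    return {
        "version": "0",
        "source": "aws.config",
        "detail-type": "Config Rules Compliance Change",
        "account": "111122223333",           # made-up account
        "region": "us-east-1",
        "detail": {
            "messageType": "ComplianceChangeNotification",
            "configRuleName": rule,
            "resourceType": "AWS::EC2::SecurityGroup",
            "resourceId": sg,
            "newEvaluationResult": {"complianceType": compliance},
        },
    }


SAMPLE_EVENTS = [  # constructed sample input
    config_event("restricted-ssh", "sg-0a1b2c3d4e5f60001", "NON_COMPLIANT"),
    config_event("restricted-ssh", "sg-0a1b2c3d4e5f60002", "COMPLIANT"),
    config_event("restricted-common-ports", "sg-0a1b2c3d4e5f60003", "NON_COMPLIANT"),
]

if __name__ == "__main__":
    print("put-rule --event-pattern", json.dumps(EVENT_PATTERN_A))
    for msg in notifications(EVENT_PATTERN_A, SAMPLE_EVENTS):
        print("A ->", msg)
    for msg in notifications(EVENT_PATTERN_D, SAMPLE_EVENTS):
        print("D ->", msg)
```

Against the three sample events, pattern A yields one notification (the NON_COMPLIANT restricted-ssh group), while pattern D also forwards the restricted-common-ports result, which is the gap between answers A and D. In a real deployment the two JSON documents above go in `--event-pattern` and in the target's `InputTransformer`; the matching and rendering functions exist only so the behaviour can be checked offline.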

Comments

Dimidrol
Highly Voted 2 years, 3 months ago
Selected Answer: A
A for me. https://aws.amazon.com/ru/premiumsupport/knowledge-center/config-resource-non-compliant/
upvoted 7 times
ospherenet
Most Recent 2 years, 2 months ago
The correct answer is A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that matches an AWS Config evaluation result of NON_COMPLIANT for the restricted-ssh rule. Configure an input transformer for the EventBridge (CloudWatch Events) rule. Configure the EventBridge (CloudWatch Events) rule to publish a notification to the SNS topic. This approach uses Amazon EventBridge (previously known as Amazon CloudWatch Events) to filter AWS Config evaluation results based on the restricted-ssh rule and its compliance status (NON_COMPLIANT). An input transformer can be used to customize the information contained in the notification, such as the name and ID of the noncompliant security group. The EventBridge (CloudWatch Events) rule can then be configured to publish a notification to the SNS topic, which will notify the appropriate personnel in real-time.
upvoted 4 times
Piccaso
2 years, 2 months ago
Selected Answer: D
The difference between A and D is:
A: matches an AWS Config evaluation result of NON_COMPLIANT for the restricted-ssh rule.
D: matches all AWS Config evaluation results of NON_COMPLIANT --> configure an input transformer for the restricted-ssh rule.
We do need to match all results first, then configure a specific input transformer.
upvoted 3 times
Bulti
2 years, 3 months ago
Selected Answer: B
A is correct as this is the most efficient way to deliver customized NON_COMPLIANT evaluation results to the subscriber. B is another roundabout way of doing the same but the way it describes is not enough. It will require more complex filtering logic on not just NON_COMPLIANT text but also other attributes of the message since all config change events occurring across all resources are sent to the SNS Topic and filtering only the ones for a specific config rule involves much more than just searching for NON_COMPLIANT text. https://stackoverflow.com/questions/64146609/how-to-configure-aws-config-to-send-compliance-change-notification-to-sns-topic
upvoted 1 times
Christina666
2 years, 3 months ago
Selected Answer: A
Short description: Use an EventBridge rule with a custom event pattern and an input transformer to match an AWS Config evaluation rule output as NON_COMPLIANT. Then, route the response to an Amazon Simple Notification Service (Amazon SNS) topic.
upvoted 1 times
a866325272
2 years, 3 months ago
I go with A
upvoted 1 times
Oleg_gol
2 years, 3 months ago
Selected Answer: A
i agree
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other