DVA-C02 · Question #771
DVA-C02 Question #771: Real Exam Question with Answer & Explanation
Sign in or unlock DVA-C02 to reveal the answer and full explanation for question #771. The question stem and answer options stay visible for context.
Question
A company uses an AWS CloudFormation stack to deploy a serverless application that is based on AWS Lambda functions. The company uses Amazon CloudWatch, AWS CloudTrail, and Amazon Inspector to monitor activity in its AWS accounts. The company suspects that some developers have made manual modifications to the IAM execution roles for the Lambda functions outside of the CloudFormation stack. The changes have made the IAM execution roles overly permissive and less secure. The company needs a solution to review manual changes that the developers have made to the IAM execution roles. Which solution will meet this requirement in the MOST operationally efficient way?
Options
- AScan the CloudTrail logs. Look for iam:PutRolePolicy events.
- BRun a drift detection check on the CloudFormation stack.
- CView IAM configuration changes by using the Amazon Inspector history.
- DCreate a Lambda function to log IAM resource changes in response to Amazon EventBridge
Unlock DVA-C02 to see the answer
You've previewed enough free DVA-C02 questions. Unlock DVA-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.