SCS-C02 · Question #204
SCS-C02 Question #204: Real Exam Question with Answer & Explanation
The correct answer is B: Verify that a metric filter was created and then mapped to an alarm. Check the alarm notification. It checks the configuration of the CloudWatch alarm that is supposed to monitor the CloudTrail log events. The analyst should verify that a metric filter was created to extract the relevant information from the log events, such as the event name, source, and user identity. The an
Question
A security analyst attempted to troubleshoot the monitoring of suspicious security group changes. The analyst was told that there is an Amazon CloudWatch alarm in place for these AWS CloudTrail log events. The analyst tested the monitoring setup by making a configuration change to the security group but did not receive any alerts. Which of the following troubleshooting steps should the analyst perform?
Options
- AEnsure that CloudTrail and S3 bucket access logging is enabled for the analyst's AWS account.
- BVerify that a metric filter was created and then mapped to an alarm. Check the alarm notification
- CCheck the CloudWatch dashboards to ensure that there is a metric configured with an appropriate
- DVerify that the analyst's account is mapped to an IAM policy that includes permissions for
Explanation
It checks the configuration of the CloudWatch alarm that is supposed to monitor the CloudTrail log events. The analyst should verify that a metric filter was created to extract the relevant information from the log events, such as the event name, source, and user identity. The analyst should also verify that the metric filter was mapped to an alarm that triggers when a certain threshold is reached, and that the alarm notification action is set up correctly to send alerts to the
Community Discussion
No community discussion yet for this question.