SCS-C02 · Question #211
SCS-C02 Question #211: Real Exam Question with Answer & Explanation
The correct answer is C: Configure AWS CloudTrail to send its logs to Amazon CloudWatch Logs. Configure a metric filter. To receive near-real-time notifications of AWS account root user sign-ins, the most effective solutions involve the use of AWS CloudTrail logs, Amazon CloudWatch Logs, and Amazon Solution C involves configuring AWS CloudTrail to send logs to Amazon CloudWatch Logs and then settin
Question
A company has secured the AWS account root user for its AWS account by following AWS best practices. The company also has enabled AWS CloudTrail, which is sending its logs to Amazon S3. A security engineer wants to receive notification in near-real time if a user uses the AWS account root user credentials to sign in to the AWS Management Console. Which solutions will provide this notification? (Choose two.)
Options
- AUse AWS Trusted Advisor and its security evaluations for the root account. Configure an Amazon
- BUse AWS IAM Access Analyzer. Create an Amazon CloudWatch Logs metric filter to evaluate log
- CConfigure AWS CloudTrail to send its logs to Amazon CloudWatch Logs. Configure a metric filter
- DConfigure AWS CloudTrail to send log notifications to an Amazon Simple Notification Service
- EConfigure an Amazon EventBridge event rule that runs when Amazon CloudWatch API calls are
Explanation
To receive near-real-time notifications of AWS account root user sign-ins, the most effective solutions involve the use of AWS CloudTrail logs, Amazon CloudWatch Logs, and Amazon Solution C involves configuring AWS CloudTrail to send logs to Amazon CloudWatch Logs and then setting up a CloudWatch Logs metric filter to detect successful root account logins. When such logins are detected, a CloudWatch alarm can be configured to trigger and notify an Amazon Simple Notification Service (Amazon SNS) topic, which in turn can send notifications to the required endpoints. This solution provides an efficient way to monitor and alert on root account usage without requiring custom parsing or handling of log data. Solution E uses Amazon EventBridge to monitor for specific AWS API calls, such as SignIn events that indicate a successful root account login. By configuring an EventBridge rule to trigger on these events, notifications can be sent directly to an SNS topic, which then distributes the alerts to the necessary endpoints. This approach leverages native AWS event patterns and provides a streamlined mechanism for detecting and alerting on root account activity. Both solutions offer automation, scalability, and the ability to integrate with other AWS services, ensuring that stakeholders are promptly alerted to critical security events involving the root user.
Community Discussion
No community discussion yet for this question.