Amazon Exam SCS-C02 Topic 5 Question 36 Discussion

Actual exam question for Amazon's SCS-C02 exam

Question #: 36
Topic #: 5

A company wants to receive automated email notifications when AWS access keys from developer AWS accounts are detected on code repository sites.

Which solution will provide the required email notifications?

ACreate an Amazon EventBridge rule to send Amazon Simple Notification Service (Amazon SNS) email notifications for Amazon GuardDuty UnauthorizedAccesslAMUser/lnstanceCredentialExfiltration OutsideAWS findings.

BChange the AWS account contact information for the Operations type to a separate email address. Periodically poll this email address for notifications.

CCreate an Amazon EventBridge rule that reacts to AWS Health events that have a value of Risk for the service category Configure email notifications by using Amazon Simple Notification Service (Amazon SNS).

DImplement new anomaly detection software. Ingest AWS CloudTrail logs. Configure monitoring for ConsoleLogin events in the AWS Management Console. Configure email notifications from the anomaly detection software.

Show Suggested Answer

Suggested Answer: A

The solution to receiving automated email notifications when AWS access keys are detected on code repository sites is to use Amazon EventBridge with Amazon GuardDuty findings. Specifically, creating an EventBridge rule that targets Amazon GuardDuty findings, particularly the UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration finding type, allows for the detection of potential unauthorized use or exposure of AWS credentials. When such a finding is detected, EventBridge can then trigger an action to send a notification via Amazon Simple Notification Service (Amazon SNS). By configuring an SNS topic to send emails, stakeholders can be promptly informed of such security incidents. This approach leverages AWS's native security and monitoring services to provide timely alerts with minimal operational overhead, ensuring that the company can respond quickly to potential security breaches involving exposed AWS credentials.

by Hillary at Oct 20, 2024, 12:38 AM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Rashad

1 days ago

B is an interesting approach, but I'm not sure if it's the most efficient way to handle this. Seems like a lot of manual work.

upvoted 0 times

...

Nobuko

11 days ago

D looks promising, but I'm not sure if it's overkill for this use case. Maybe a combination of A and C could work?

upvoted 0 times

...

Lashonda

18 days ago

A seems like a good option, but I'm not sure if it covers all the bases. Might need to look into the other solutions as well.

upvoted 0 times

Ashlee

3 days ago

A) Create an Amazon EventBridge rule to send Amazon Simple Notification Service (Amazon SNS) email notifications for Amazon GuardDuty UnauthorizedAccesslAMUser/lnstanceCredentialExfiltration OutsideAWS findings.

upvoted 0 times

...

Dortha

20 days ago

I agree with Larae. Option A seems to be the most efficient and effective solution for receiving automated email notifications.

upvoted 0 times

...

Larae

24 days ago

I think option A is the best solution because it uses Amazon EventBridge and Amazon SNS for email notifications.

upvoted 0 times

...