A company's security information events management (SIEM) tool receives new AWS CloudTrail logs from an Amazon S3 bucket that is configured to send all object created event notifications to an Amazon SNS topic. An Amazon SQS queue is subscribed to this SNS topic. The company's SIEM tool then polls this SQS queue for new messages using an IAM role and fetches new log events from the S3 bucket based on the SQS messages. After a recent security review that resulted in restricted permissions, the SIEM tool has stopped receiving new CloudTrail logs. Which of the following are possible causes of this issue? (Choose three.)
A) The SQS queue does not allow the SQS:SendMessage action from the SNS topic.
B) The SNS topic does not allow the SNS:Publish action from Amazon S3.
C) The SNS topic is not delivering raw messages to the SQS queue.
D) The S3 bucket policy does not allow CloudTrail to perform the PutObject action.
E) The IAM role used by the SIEM tool does not have permission to subscribe to the SNS topic.
F) The IAM role used by the SIEM tool does not allow the SQS:DeleteMessage action.
Correct Answer:
Verified
Q228: A company has a compliance requirement to
Q229: A company needs to retain log data
Q230: A company uses an Amazon S3 bucket
Q231: Developers in an organization have moved from
Q232: A company manages multiple AWS accounts using
Q234: An organizational must establish the ability to
Q235: A company uses HTTP Live Streaming (HLS)
Q236: A company plans to use custom AMIs
Q237: Two Amazon EC2 instances in different subnets
Q238: A security engineer noticed an anomaly within
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents