A company's security team discovers that IAM access keys were exposed in a public code repository. Moving forward, the DevOps team wants to implement a solution that will automatically disable any keys that are suspected of being compromised, and notify the security team. Which solution will accomplish this?
A) Create an Amazon CloudWatch Events event for Amazon Macie. Create an Amazon SNS topic with two subscriptions: one to notify the security team and another to trigger an AWS Lambda function that disables the access keys.
B) Enable Amazon GuardDuty and set up an Amazon CloudWatch Events rule event for GuardDuty. Trigger an AWS Lambda function to check if the event relates to compromised keys. If so, send a notification to the security team and disable the access keys.
C) Run an AWS CloudWatch Events rule every 5 minutes to invoke an AWS Lambda function that checks to see if the compromised tag for any access key is set to true. If so, notify the security team and disable the access keys.
D) Set up AWS Config and create an AWS CloudTrail event for AWS Config. Create an Amazon SNS topic with two subscriptions: one to notify the security team and another to trigger an AWS Lambda function that disables the access keys.
Correct Answer:
Verified
Q229: A DevOps engineer is assisting with a
Q230: A DevOps Engineer wants to prevent Developers
Q231: A DevOps engineer is tasked with migrating
Q232: An ecommerce company is running an application
Q233: A DevOps team manages an API running
Q235: A developer is building an application that
Q236: A company hosts its staging website using
Q237: A DevOps engineer used an AWS CloudFormation
Q238: The development team is creating a social
Q239: A company has built a web service
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents