A company uses federated access for its AWS environment. The company creates and manages IAM roles by using AWS CloudFormation from a CI/CD pipeline. All changes should be made to the IAM roles through the pipeline. The company's security team discovers that out-of-band changes are being made to the IAM roles. The security team needs a way to detect when these out-of-band changes occur. What should a DevOps engineer do to meet this requirement?
A) Use Amazon Inspector rules to detect and notify when an AWS CloudFormation stack has a configuration change.
B) Use AWS Trusted Advisor to detect and notify when an AWS CloudFormation stack has a configuration change.
C) Use AWS CloudTrail to detect and notify when an AWS CloudFormation stack detects a configuration change.
D) Use an AWS Config rule to detect and notify when AWS CloudFormation drift detection identifies a configuration change.
Correct Answer:
Verified
Q576: Your application's Auto Scaling Group scales up
Q577: Due to compliance regulations, management has asked
Q578: Your serverless architecture using AWS API Gateway,
Q579: When running a playbook on a remote
Q580: A startup company is developing a web
Q582: Which of these is not an instrinsic
Q583: A company is using Amazon EC2 for
Q584: You have just recently deployed an application
Q585: You have been asked to handle a
Q586: Which of these techniques enables the fastest
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents