According to Information Security policy, changes to the contents of objects inside production Amazon S3 buckets that contain encrypted secrets should only be made by a trusted group of administrators. How should a DevOps Engineer create real-time, automated checks to meet this requirement?
A) Create an AWS Lambda function that is triggered by Amazon S3 data events for object changes and that also checks the IAM user's membership in an administrator's IAM role.
B) Create a periodic AWS Config rule to query Amazon S3 Logs for changes and to check the IAM user's membership in an administrator's IAM role.
C) Create a metrics filter for Amazon CloudWatch logs to check for Amazon S3 bucket-level permission changes and to check the IAM user's membership in an administrator's IAM role.
D) Create a periodic AWS Config rule to query AWS CloudTrail logs for changes to the Amazon S3 bucket-level permissions and to check the IAM user's membership in an administrator's IAM role.