Examice

Exam DOP-C02 All QuestionsBrowse all questions from this exam

Question 230

A company uses AWS Organizations to manage its AWS accounts. The company wants its monitoring system to receive an alert when a root user logs in. The company also needs a dashboard to display any log activity that the root user generates.

Which combination of steps will meet these requirements? (Choose three.)

Enable AWS Config with a multi-account aggregator. Configure log forwarding to Amazon CloudWatch Logs.

Create an Amazon QuickSight dashboard that uses an Amazon CloudWatch Logs query.

Create an Amazon CloudWatch Logs metric filter to match root user login events. Configure a CloudWatch alarm and an Amazon Simple Notification Service (Amazon SNS) topic to send alerts to the company's monitoring system.

Create an Amazon CloudWatch Logs subscription filter to match root user login events. Configure the filter to forward events to an Amazon Simple Notification Service (Amazon SNS) topic. Configure the SNS topic to send alerts to the company's monitoring system.

Create an AWS CloudTrail organization trail. Configure the organization trail to send events to Amazon CloudWatch Logs.

Create an Amazon CloudWatch dashboard that uses a CloudWatch Logs Insights query.

Correct Answer: C, E, F

To meet the requirements of receiving an alert when a root user logs in and displaying log activity on a dashboard, the company should follow these steps: First, create an AWS CloudTrail organization trail to capture all activities, including root user logins, across all accounts and send these events to Amazon CloudWatch Logs. Second, create an Amazon CloudWatch Logs metric filter to match root user login events, and configure a CloudWatch alarm and an Amazon Simple Notification Service (Amazon SNS) topic to send alerts to the company's monitoring system. Third, use CloudWatch Logs Insights to create queries to extract and visualize log data related to root user activity on a CloudWatch dashboard, providing a centralized view of root user actions.

Discussion

KaranNishadOptions: CEF

Correct answer.

tgv

---> CEF

TEC1Options: CEF

E- AWS CloudTrail will log all activities, including root user logins, across all accounts in the organisation. Sending these logs to CloudWatch Logs enables further processing and analysis. C- Creating a metric filter to detect root user login events will allow you to trigger a CloudWatch alarm. The alarm can then send notifications via SNS to the company's monitoring system, ensuring real-time alerts for root user logins. F- Using CloudWatch Logs Insights, you can create queries to extract and visualise log data related to root user activity. This data can be displayed on a CloudWatch dashboard, providing a centralised view of root user actions.

trungtdOptions: CEF

E first, then C, and the last is F E ensures that all events, including root user login events, are captured across all accounts in the organization. By sending these events to CloudWatch Logs, you centralize the logging data, making it accessible for further processing. C creating a metric filter in CloudWatch Logs to detect specific patterns in the log data, such as root user login events. F creating a CloudWatch dashboard that utilizes CloudWatch Logs Insights to query and visualize the log data. This dashboard can be used to display detailed information about root user login activity and other relevant log events.