
Answer-first summary for fast verification
Answer: Direct VPC flow logs to Amazon CloudWatch Logs, establish metric filters, and set an Amazon CloudWatch alarm with an ALARM state annotation.
The correct option is C. Publishing VPC flow logs to Amazon CloudWatch Logs lets you create metric filters that match specific network activity, such as RDP or SSH connections, and an Amazon CloudWatch alarm on the resulting metric can trigger a notification so the operations team is alerted whenever such access is detected. Options A, B, and D do not directly address monitoring specific network traffic such as RDP or SSH access across multiple isolated VPCs.
Author: LeetQuiz Editorial Team
A company uses Amazon EC2 instances for customer demonstration environments within isolated VPCs. How should they set up notifications for the operations team when RDP or SSH access occurs?
A. Use Amazon CloudWatch Application Insights to trigger AWS Systems Manager OpsItems upon RDP or SSH detection.
B. Assign an IAM role with the AmazonSSMManagedInstanceCore policy to EC2 instances via an IAM instance profile.
C. Direct VPC flow logs to Amazon CloudWatch Logs, establish metric filters, and set an Amazon CloudWatch alarm with an ALARM state annotation.
D. Set up an Amazon EventBridge rule for EC2 Instance State-change Notifications and use an Amazon SNS topic for the operations team subscription.