
In a highly regulated company, DevOps engineers are restricted from logging into Amazon EC2 instances except in emergencies. The security team must be notified within 15 minutes if a login occurs. Which AWS service configuration will effectively monitor and notify the security team of such logins?
A. Deploy the Amazon Inspector agent on each EC2 instance, subscribe to Amazon EventBridge notifications, and use an AWS Lambda function to detect user login messages, then notify the security team via Amazon SNS.
B. Deploy the Amazon CloudWatch agent on each EC2 instance, configure it to send logs to Amazon CloudWatch Logs, set up a CloudWatch metric filter for user logins, and notify the security team via Amazon SNS if a login is detected.
C. Configure AWS CloudTrail with Amazon CloudWatch Logs, subscribe CloudWatch Logs to Amazon Kinesis, attach an AWS Lambda function to Kinesis to parse logs for user logins, and notify the security team via Amazon SNS if a login is found.
D. Set up a script on each Amazon EC2 instance to send logs to Amazon S3, configure an S3 event to trigger an AWS Lambda function, which runs an Amazon Athena query to check for logins, and notify the security team via Amazon SNS if a login is detected.