AWS Certified DevOps Engineer - Professional
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
In an AWS environment, the security team utilizes AWS CloudTrail to monitor and detect sensitive security issues within the company's AWS account. The DevOps engineer is required to implement an automated remediation solution to re-enable CloudTrail logging if it is inadvertently or maliciously disabled. Which of the following solutions offers the most rapid and efficient remediation to ensure minimal disruption to CloudTrail log delivery?
Explanation:
The correct answer is A. This solution uses an Amazon EventBridge rule to detect the StopLogging event in CloudTrail. When this event is detected, it triggers an AWS Lambda function that immediately calls StartLogging to re-enable CloudTrail logging. This approach offers the quickest remediation because it responds directly to the StopLogging event, minimizing downtime for CloudTrail log deliveries. Other options either have longer intervals before detecting the issue (e.g., every 5 minutes or 1 hour) or involve less efficient solutions like maintaining an EC2 instance, which is not as cost-effective or responsive.