
Answer-first summary for fast verification
Answer: Create an Amazon EventBridge rule for the CloudTrail StopLogging event. Create an AWS Lambda function that uses the AWS SDK to call StartLogging on the ARN of the resource in which StopLogging was called. Add the Lambda function ARN as a target to the EventBridge rule.
The correct answer is A. An Amazon EventBridge rule matches the StopLogging event that CloudTrail records, and the rule invokes an AWS Lambda function that immediately calls StartLogging to re-enable logging on the affected trail. This is the quickest remediation because it reacts directly to the StopLogging event, minimizing the gap in CloudTrail log delivery. The other options either wait on a polling interval before detecting the issue (e.g., every 5 minutes or 1 hour) or rely on maintaining an EC2 instance, which is less cost-effective and less responsive.
Author: LeetQuiz Editorial Team
In an AWS environment, the security team utilizes AWS CloudTrail to monitor and detect sensitive security issues within the company's AWS account. The DevOps engineer is required to implement an automated remediation solution to re-enable CloudTrail logging if it is inadvertently or maliciously disabled. Which of the following solutions offers the most rapid and efficient remediation to ensure minimal disruption to CloudTrail log delivery?
A
Create an Amazon EventBridge rule for the CloudTrail StopLogging event. Create an AWS Lambda function that uses the AWS SDK to call StartLogging on the ARN of the resource in which StopLogging was called. Add the Lambda function ARN as a target to the EventBridge rule.
B
Deploy the AWS-managed CloudTrail-enabled AWS Config rule, set with a periodic interval of 1 hour. Create an Amazon EventBridge rule for AWS Config rules compliance change. Create an AWS Lambda function that uses the AWS SDK to call StartLogging on the ARN of the resource in which StopLogging was called. Add the Lambda function ARN as a target to the EventBridge rule.
C
Create an Amazon EventBridge rule for a scheduled event every 5 minutes. Create an AWS Lambda function that uses the AWS SDK to call StartLogging on a CloudTrail trail in the AWS account. Add the Lambda function ARN as a target to the EventBridge rule.
D
Launch a t2.nano instance with a script running every 5 minutes that uses the AWS SDK to query CloudTrail in the current account. If the CloudTrail trail is disabled, have the script re-enable the trail.
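The rule pattern and Lambda function described in option A, as an added example that is not part of the original question or the site's material. It assumes the function's role allows cloudtrail:StartLogging and cloudtrail:GetTrailStatus; the sample event, account ID, trail name and role name are constructed placeholders.

```python
import json

# EventBridge event pattern for the rule: StopLogging calls recorded by CloudTrail.
EVENT_PATTERN = {
    "source": ["aws.cloudtrail"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["cloudtrail.amazonaws.com"],
               "eventName": ["StopLogging"]},
}

# Constructed sample event (account ID, trail and role names are placeholders).
SAMPLE_EVENT = {
    "source": "aws.cloudtrail",
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventSource": "cloudtrail.amazonaws.com",
        "eventName": "StopLogging",
        "userIdentity": {"arn": "arn:aws:iam::111122223333:role/example-role"},
        "requestParameters": {
            "name": "arn:aws:cloudtrail:us-east-1:111122223333:trail/example-trail"},
    },
}

def stopped_trail(event):
    """Return the trail name/ARN from a successful StopLogging event, else None."""
    detail = event.get("detail") or {}
    if (detail.get("eventSource"), detail.get("eventName")) != (
            "cloudtrail.amazonaws.com", "StopLogging"):
        return None
    if detail.get("errorCode"):  # call was denied or failed, so logging never stopped
        return None
    return (detail.get("requestParameters") or {}).get("name")

def remediate(event, cloudtrail):
    """Restart logging on the affected trail and report who stopped it."""
    trail = stopped_trail(event)
    if not trail:
        return {"action": "ignored"}
    cloudtrail.start_logging(Name=trail)
    status = cloudtrail.get_trail_status(Name=trail)  # confirm the fix took effect
    actor = (event["detail"].get("userIdentity") or {}).get("arn", "unknown")
    return {"action": "restarted", "trail": trail,
            "is_logging": status["IsLogging"], "stopped_by": actor}

def lambda_handler(event, context):
    import boto3  # imported here so the pure logic above runs without the SDK
    result = remediate(event, boto3.client("cloudtrail"))
    print(json.dumps(result))  # goes to CloudWatch Logs for the security team
    return result
```

Logging `stopped_by` alongside the restart gives the security team the principal to investigate, since the remediation alone does not say whether the stop was accidental or malicious.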