In a multi-account AWS environment, a DevOps engineer is tasked with ensuring that all outbound traffic is routed through a network operations account using AWS Transit Gateway. Within this account, traffic is inspected by a firewall appliance before reaching an internet gateway. The firewall logs various event severities, including CRITICAL, HIGH, MEDIUM, LOW, and INFO, to Amazon CloudWatch Logs. The security team requires an alert mechanism for any CRITICAL events. What is the most appropriate method for the DevOps engineer to implement this alerting system?

Exam-Like

Create an Amazon CloudWatch Synthetics canary to monitor the firewall state. If the firewall reaches a CRITICAL state or logs a CRITICAL event, use a CloudWatch alarm to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team’s email address to the topic.

0.0%

Create an Amazon CloudWatch metric filter by using a search for CRITICAL events. Publish a custom metric for the finding. Use a CloudWatch alarm based on the custom metric to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team’s email address to the topic.

100.0%

Enable Amazon GuardDuty in the network operations account. Configure GuardDuty to monitor flow logs. Create an Amazon EventBridge event rule that is invoked by GuardDuty events that are CRITICAL. Define an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the security team’s email address to the topic.

0.0%

Use AWS Firewall Manager to apply consistent policies across all accounts. Create an Amazon EventBridge event rule that is invoked by Firewall Manager events that are CRITICAL. Define an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the security team’s email address to the topic.

0.0%

AWS Certified DevOps Engineer - Professional

Get started today

Comments