
Answer-first summary for fast verification
Answer: Create an Amazon CloudWatch metric filter by using a search for CRITICAL events. Publish a custom metric for the finding. Use a CloudWatch alarm based on the custom metric to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team’s email address to the topic.
The correct answer is B. The firewall appliance is already sending logs to Amazon CloudWatch Logs, so the most efficient solution is to create an Amazon CloudWatch metric filter to search for CRITICAL events. This filter will publish a custom metric for any CRITICAL findings. You can then create a CloudWatch alarm based on this custom metric to publish a notification to an Amazon Simple Notification Service (SNS) topic. Finally, the security team’s email address can be subscribed to this SNS topic. This approach leverages existing services and capabilities without requiring additional monitoring tools.
Author: LeetQuiz Editorial Team
In a multi-account AWS environment, a DevOps engineer is tasked with ensuring that all outbound traffic is routed through a network operations account using AWS Transit Gateway. Within this account, traffic is inspected by a firewall appliance before reaching an internet gateway. The firewall logs various event severities, including CRITICAL, HIGH, MEDIUM, LOW, and INFO, to Amazon CloudWatch Logs. The security team requires an alert mechanism for any CRITICAL events. What is the most appropriate method for the DevOps engineer to implement this alerting system?
A. Create an Amazon CloudWatch Synthetics canary to monitor the firewall state. If the firewall reaches a CRITICAL state or logs a CRITICAL event, use a CloudWatch alarm to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team’s email address to the topic.
B. Create an Amazon CloudWatch metric filter by using a search for CRITICAL events. Publish a custom metric for the finding. Use a CloudWatch alarm based on the custom metric to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the security team’s email address to the topic.
C. Enable Amazon GuardDuty in the network operations account. Configure GuardDuty to monitor flow logs. Create an Amazon EventBridge event rule that is invoked by GuardDuty events that are CRITICAL. Define an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the security team’s email address to the topic.
D. Use AWS Firewall Manager to apply consistent policies across all accounts. Create an Amazon EventBridge event rule that is invoked by Firewall Manager events that are CRITICAL. Define an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the security team’s email address to the topic.