
A security engineer needs to set up an alerting mechanism that triggers when there are three or more consecutive failed login attempts to the AWS Management Console within a 5-minute timeframe. To achieve this, the engineer has initiated a trail in AWS CloudTrail. Which of the following solutions would effectively fulfill this requirement?
A
Enable Insights events in CloudTrail and set up an alarm on the insight with eventName matching ConsoleLogin and errorMessage matching "Failed authentication". Set the alarm threshold to 3 and the period to 5 minutes.
B
Configure CloudTrail to forward events to Amazon CloudWatch Logs. Establish a metric filter for the corresponding log group with a filter pattern that matches eventName ConsoleLogin and errorMessage "Failed authentication". Set up a CloudWatch alarm with a threshold of 3 and a period of 5 minutes.
C
Generate an Amazon Athena table from the CloudTrail logs. Execute a query to find eventName matching ConsoleLogin and errorMessage "Failed authentication". Implement a notification action from the query results to dispatch an Amazon SNS notification when the count reaches 3 within a 5-minute interval.
D
Initiate a new analyzer in AWS Identity and Access Management Access Analyzer. Configure the analyzer to issue an Amazon SNS notification upon detecting three failed login events for any IAM user within a 5-minute period.