AWS Certified Solutions Architect - Associate
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
A company runs demonstration environments for its customers on Amazon EC2 instances. Each environment is isolated in its own VPC. The company's operations team needs to be notified when RDP or SSH access to an environment has been established.
Other
Community
UAnonymous
A
Configure Amazon CloudWatch Application Insights to create AWS Systems Manager OpsItems when RDP or SSH access is detected.
B
Configure the EC2 instances with an IAM instance profile that has an IAM role with the AmazonSSMManagedInstanceCore policy attached.
C
Publish VPC flow logs to Amazon CloudWatch Logs. Create required metric filters. Create an Amazon CloudWatch metric alarm with a notification action for when the alarm is in the ALARM state.
D
Configure an Amazon EventBridge rule to listen for events of type EC2 Instance State-change Notification. Configure an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the operations team to the topic.
Explanation:
Explanation
Option C is the correct answer because it provides a comprehensive solution for detecting RDP/SSH access:
- VPC Flow Logs capture network traffic information, including source/destination IPs, ports, and protocols
- CloudWatch Logs Metric Filters can be configured to search for specific patterns like RDP (port 3389) or SSH (port 22) connections
- CloudWatch Alarms can trigger notifications when the metric indicates RDP/SSH access
- SNS Notifications can alert the operations team when the alarm triggers
Why other options are incorrect:
- Option A: Amazon CloudWatch Application Insights is designed for application performance monitoring and troubleshooting, not specifically for detecting network access patterns.
- Option B: IAM instance profiles and the AmazonSSMManagedInstanceCore policy enable Systems Manager session management but don't provide notification capabilities for RDP/SSH access detection.
- Option D: EC2 Instance State-change Notifications track instance state changes (running, stopped, terminated) but don't monitor specific network connections like RDP/SSH access.
Key AWS Services Used:
- VPC Flow Logs for network traffic logging
- Amazon CloudWatch Logs for log aggregation
- CloudWatch Metric Filters for pattern detection
- CloudWatch Alarms for alerting
- Amazon SNS for notifications
This solution provides real-time monitoring of network access patterns across all VPCs, ensuring the operations team is notified whenever RDP or SSH connections are established to any demonstration environment.
Comments
Loading comments...