
Answer-first summary for fast verification
Answer: Create an Amazon EventBridge rule to detect security group changes. Configure the event type as AWS API Call via CloudTrail. Configure the EventBridge rule to run the AWS-CreateServiceNowIncident AWS Systems Manager Automation runbook to create an incident in ServiceNow.
EventBridge can capture CloudTrail events for EC2 API calls such as AuthorizeSecurityGroupIngress, then directly invoke the SSM Automation runbook that integrates with ServiceNow to create the incident. This is serverless and low effort because the runbook is pre-built.
Author: LeetQuiz Editorial Team
A company that uses ServiceNow has an AWS account where a sensitive workload runs. The necessary security groups are in place. The company needs to implement a solution to create an incident in ServiceNow every time the rules change in any security group. Which solution will meet this requirement with the LEAST operational effort?
A
Create an Amazon CloudWatch alarm that enters ALARM state when security groups change. Configure the alarm to invoke an AWS Lambda function that connects to ServiceNow to create an incident.
B
Enable AWS Security Hub. Create an AWS Lambda function that connects to ServiceNow to create an incident. Create an Amazon EventBridge rule to detect security group changes. Configure the event type as Security Hub Findings - Custom Action. Configure the EventBridge rule to invoke the Lambda function.
C
Create an Amazon EventBridge rule to detect security group changes. Configure the event type as AWS API Call via CloudTrail. Configure the EventBridge rule to run the AWS-CreateServiceNowIncident AWS Systems Manager Automation runbook to create an incident in ServiceNow.
D
Launch an Amazon EC2 instance that has a persistent connection to ServiceNow to detect security group changes. Export AWS CloudTrail logs to the EC2 instance. Write a bash script to run a scheduled cron job every 30 minutes to search the CloudTrail logs for security group changes. Configure the EC2 instance to create an incident in ServiceNow when a change is detected.