AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 66
Changes made to a security group attached to an Application Load Balancer resulted in connectivity issues for a company's production web application. The network engineer needs to lock down permissions for the company's AWS account, automate auditing for any changes, and set up notifications.
Which combination of actions accomplishes this?
Answer options
- A. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify API calls from users. Use AWS Config to audit any changes, and configure Amazon SNS to send notifications.
- B. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify the API calls from users. Configure AWS CodeCommit to audit any changes in configurations, and configure Amazon SNS to send notifications.
- C. Configure IAM user policies to lock down permissions for specific users. Enable AWS CloudTrail to identify the API calls from users. Configure Amazon Macie to use machine learning to identify any configuration changes, and configure Amazon SNS to send notifications.
- D. Configure IAM role policies to lock down permissions for specific users. Configure Amazon GuardDuty to audit and monitor configuration changes, and configure Amazon SNS to send notifications.
Correct answer: A
Explanation
The correct answer is A. Each service in that option maps to one of the three requirements: IAM policies restrict who can modify security groups (least privilege on the ec2:AuthorizeSecurityGroup*, ec2:RevokeSecurityGroup* and ec2:ModifySecurityGroupRules actions), AWS CloudTrail records which principal made each API call and from where, AWS Config keeps the configuration history of the security group and can evaluate it against rules, and Amazon SNS delivers the notifications. AWS Config can publish directly to an SNS topic through its delivery channel, or an Amazon EventBridge rule can route CloudTrail or Config events to the topic, so SNS is the notification endpoint in either design. Options B and C substitute services that do not audit AWS resource configuration: AWS CodeCommit is a managed Git repository and only tracks files committed to it, and Amazon Macie discovers sensitive data in Amazon S3, not configuration changes. Option D relies on Amazon GuardDuty, which is a threat detection service that analyzes CloudTrail, VPC Flow Logs and DNS logs for suspicious activity rather than recording or auditing configuration changes; it also drops CloudTrail, so the account would have no record of who changed the security group.
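The following is an added example, not part of the exam page or of any AWS sample, showing the audit-and-notify half of answer A as code: an EventBridge event pattern that matches the CloudTrail records for security-group mutations on the ALB's group, a minimal offline matcher to exercise that pattern against constructed CloudTrail events, and the IAM deny policy that implements the lock-down. The security group id, account id, topic ARN, role name and sample events are all assumptions made up for illustration; the matcher implements only the exact-match subset of EventBridge pattern semantics and is not AWS code.

```python
"""Audit and notify for security-group changes on an ALB (added example)."""
import json

# Constructed identifiers; none of these come from the exam question.
ALB_SG_ID = "sg-0123456789abcdef0"
ACCOUNT_ID = "111122223333"
REGION = "us-east-1"
TOPIC_ARN = f"arn:aws:sns:{REGION}:{ACCOUNT_ID}:alb-sg-change-alerts"
CHANGE_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/NetworkChangeRole"  # assumed role name

# EC2 API names exactly as CloudTrail records them in eventName. These four put
# the target group in requestParameters.groupId; ModifySecurityGroupRules nests
# the id differently and would need its own pattern entry.
SG_MUTATION_EVENTS = [
    "AuthorizeSecurityGroupIngress",
    "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress",
    "RevokeSecurityGroupEgress",
]

# EventBridge pattern: CloudTrail-delivered EC2 API calls that touch the ALB's group.
# Attach this to a rule whose target is TOPIC_ARN.
EVENT_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventName": SG_MUTATION_EVENTS,
        "requestParameters": {"groupId": [ALB_SG_ID]},
    },
}

# IAM policy for the lock-down: explicit deny on mutating the ALB's security group
# for any principal other than the change-management role (aws:PrincipalArn).
LOCKDOWN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyAlbSecurityGroupMutationOutsideChangeRole",
        "Effect": "Deny",
        "Action": [f"ec2:{name}" for name in SG_MUTATION_EVENTS]
                  + ["ec2:ModifySecurityGroupRules", "ec2:DeleteSecurityGroup"],
        "Resource": f"arn:aws:ec2:{REGION}:{ACCOUNT_ID}:security-group/{ALB_SG_ID}",
        "Condition": {"ArnNotLike": {"aws:PrincipalArn": CHANGE_ROLE_ARN}},
    }],
}


def matches(pattern, event):
    """Minimal EventBridge-style matcher: every key in the pattern must be present
    in the event; a list means 'the event value is one of these', a dict recurses."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


def alerts_for(events):
    """Return the SNS messages the rule would publish for a batch of CloudTrail events."""
    out = []
    for ev in events:
        if matches(EVENT_PATTERN, ev):
            d = ev["detail"]
            out.append({
                "topic": TOPIC_ARN,
                "message": (f"{d['eventName']} on {d['requestParameters']['groupId']} "
                            f"by {d['userIdentity']['arn']} from {d['sourceIPAddress']}"),
            })
    return out


def _cloudtrail_event(name, group_id, principal="user/alice"):
    """Build a constructed CloudTrail event in the EventBridge envelope shape."""
    return {
        "source": "aws.ec2",
        "detail-type": "AWS API Call via CloudTrail",
        "detail": {
            "eventName": name,
            "sourceIPAddress": "203.0.113.10",  # documentation range, constructed
            "userIdentity": {"arn": f"arn:aws:iam::{ACCOUNT_ID}:{principal}"},
            "requestParameters": {"groupId": group_id},
        },
    }


# Constructed sample batch: one change to the ALB group, one to another group,
# and one read-only call. Only the first should produce an alert.
SAMPLE_EVENTS = [
    _cloudtrail_event("AuthorizeSecurityGroupIngress", ALB_SG_ID),
    _cloudtrail_event("RevokeSecurityGroupIngress", "sg-0fedcba9876543210"),
    _cloudtrail_event("DescribeSecurityGroups", ALB_SG_ID),
]

if __name__ == "__main__":
    print(json.dumps(EVENT_PATTERN, indent=2))
    print(json.dumps(LOCKDOWN_POLICY, indent=2))
    for alert in alerts_for(SAMPLE_EVENTS):
        print(alert["message"])
```

Running the script prints the event pattern and the policy document as JSON ready to paste into an EventBridge rule and an IAM policy, then one alert line for the ingress change on the ALB's group. The explicit deny with an ArnNotLike condition is the usual way to keep a change-management role working while blocking everyone else, since an explicit deny overrides any allow a user policy might grant.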