A company's developers use Amazon EC2 instances as remote workstations. The company is co…

Question

A company's developers use Amazon EC2 instances as remote workstations. The company is concerned that users can create or modify EC2 security groups to allow unrestricted inbound access.
A DevOps engineer needs to develop a solution to detect when users create unrestricted security group rules. The solution must detect changes to security group rules in near real time, remove unrestricted rules, and send email notifications to the security team. The DevOps engineer has created an AWS Lambda function that checks for security group ID from input, removes rules that grant unrestricted access, and sends notifications through Amazon Simple Notification Service (Amazon SNS).
What should the DevOps engineer do next to meet the requirements?

Accepted Answer

Correct answer: C. C. Create an Amazon EventBridge event rule that has the default event bus as the source. Define the rule’s event pattern to match EC2 security group creation and modification events. Configure the rule to invoke the Lambda function. — The correct answer is C because it directly matches EC2 security group modification events and triggers the Lambda function to take action in real-time. Option A is incorrect as it relies on SNS and CloudTrail, which may not provide immediate detection of security group changes. Option B does not address real-time detection since it schedules the Lambda function to run every hour. Option D is also incorrect because a custom event bus is unnecessary for this specific use case.

AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 30

Answer options

Correct answer: C

Explanation