AWS Certified Security – Specialty (SCS-C02) — Question 219

A company has a strict policy against using root credentials. The company’s security team wants to be alerted as soon as possible when root credentials are used to sign in to the AWS Management Console.

How should the security team achieve this goal?

Answer options

• A. Use AWS Lambda to periodically query AWS CloudTrail for console login events and send alerts using Amazon Simple Notification Service (Amazon SNS).
• B. Use Amazon EventBridge to monitor console logins and direct them to Amazon Simple Notification Service (Amazon SNS).
• C. Use Amazon Athena to query AWS IAM Identity Center logs and send alerts using Amazon Simple Notification Service (Amazon SNS) for root login events.
• D. Configure AWS Resource Access Manager to review the access logs and send alerts using Amazon Simple Notification Service (Amazon SNS).

Correct answer: B

Explanation

The correct answer is B because Amazon EventBridge can efficiently monitor and respond to events such as console logins, making it ideal for alerting the security team. Option A, while useful, relies on periodic querying which may not provide immediate alerts. Option C involves querying IAM Identity Center logs, which is not the primary method for monitoring console logins, and option D does not directly focus on login events.