AWS Certified Security – Specialty — Question 12

Which approach will generate automated security alerts should too many unauthorized AWS API requests be identified?

Answer options

• A. Create an Amazon CloudWatch metric filter that looks for API call error codes and then implement an alarm based on that metric's rate.
• B. Configure AWS CloudTrail to stream event data to Amazon Kinesis. Configure an AWS Lambda function on the stream to alarm when the threshold has been exceeded.
• C. Run an Amazon Athena SQL query against CloudTrail log files. Use Amazon QuickSight to create an operational dashboard.
• D. Use the Amazon Personal Health Dashboard to monitor the account's use of AWS services, and raise an alert if service error rates increase.

Correct answer: A

Explanation

The correct answer, A, involves using Amazon CloudWatch to track API call error codes, which directly correlates with unauthorized requests. Option B, while effective, requires additional configuration and may not be as immediate. Options C and D do not provide real-time alerts for unauthorized API requests and are therefore not suitable for this scenario.