AWS Certified Security – Specialty — Question 181

A security engineer needs to ensure their company's use of AWS meets AWS security best practices. As part of this, the AWS account root user must not be used for daily work. The root user must be monitored for use, and the security team must be alerted as quickly as possible if the root user is used.
Which solution meets these requirements?

Answer options

• A. Set up an Amazon CloudWatch Events rule that triggers an Amazon SNS notification.
• B. Create root user access keys. Use an AWS Lambda function to parse AWS CloudTrail logs from Amazon S3 and generate notifications using Amazon SNS.
• C. Set up a rule in AWS Config to trigger root user events. Trigger an AWS Lambda function and generate notifications using Amazon SNS.
• D. Use Amazon Inspector to monitor the usage of the root user and generate notifications using Amazon SNS.

Correct answer: A

Explanation

The correct answer is A because setting up an Amazon CloudWatch Events rule will allow for the monitoring of root user activity and trigger an immediate SNS notification. Option B involves creating access keys, which is not recommended for the root user. Option C suggests using AWS Config, which is not as direct or efficient for this specific requirement as CloudWatch Events. Option D incorrectly uses Amazon Inspector, which is not designed for monitoring root user access.