AWS Certified DevOps Engineer – Professional — Question 54
A company gives its employees limited rights to AWS. DevOps engineers have the ability to assume an administrator role. For tracking purposes, the security team wants to receive a near-real-time notification when the administrator role is assumed.
How should this be accomplished?
Answer options
- A. Configure AWS Config to publish logs to an Amazon S3 bucket. Use Amazon Athena to query the logs and send a notification to the security team when the administrator role is assumed.
- B. Configure Amazon GuardDuty to monitor when the administrator role is assumed and send a notification to the security team.
- C. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule using an AWS Management Console sign-in events event pattern that publishes a message to an Amazon SNS topic if the administrator role is assumed.
- D. Create an Amazon EventBridge (Amazon CloudWatch Events) event rule using an AWS API call that uses an AWS CloudTrail event pattern to trigger an AWS Lambda function that publishes a message to an Amazon SNS topic if the administrator role is assumed.
Correct answer: D
Explanation
The correct answer is D. Assuming a role is an sts:AssumeRole API call, which AWS CloudTrail records and EventBridge receives as an "AWS API Call via CloudTrail" event; an event rule matching that call can invoke a Lambda function that publishes to an SNS topic within seconds, which is the near-real-time, event-driven notification the security team asked for. Option A (AWS Config logs queried with Athena) and option B (GuardDuty) do not provide the near-real-time notification of this specific action that is required. Option C matches AWS Management Console sign-in events, which record that a user signed in, not that a role was assumed; role assumption is an API call and can only be detected through CloudTrail.
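As an added example (not part of the exam material), the Lambda function that option D's rule would invoke, alongside the EventBridge event pattern it expects; the administrator role ARN, the SNS_TOPIC_ARN variable and the sample event are assumptions, not values from the question:

```python
import json
import os

# Hypothetical role ARN (the question names none); override via environment.
ADMIN_ROLE_ARN = os.environ.get("ADMIN_ROLE_ARN", "arn:aws:iam::123456789012:role/AdminRole")

# Pattern for the EventBridge rule that targets this function. The handler
# re-checks the same fields, so a mis-scoped rule cannot produce a false alert.
EVENT_PATTERN = {
    "source": ["aws.sts"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["sts.amazonaws.com"], "eventName": ["AssumeRole"],
               "requestParameters": {"roleArn": [ADMIN_ROLE_ARN]}},
}

def is_admin_assume_role(event):
    """True only for a CloudTrail sts:AssumeRole record targeting the admin role."""
    detail = event.get("detail") or {}
    params = detail.get("requestParameters") or {}
    return (detail.get("eventSource") == "sts.amazonaws.com"
            and detail.get("eventName") == "AssumeRole"
            and params.get("roleArn") == ADMIN_ROLE_ARN)

def build_message(event):
    """Pull the fields an analyst needs: who assumed the role, from where, when."""
    detail = event["detail"]
    params = detail.get("requestParameters") or {}
    return {
        "role": params.get("roleArn"),
        "sessionName": params.get("roleSessionName"),
        "principal": (detail.get("userIdentity") or {}).get("arn"),
        "sourceIp": detail.get("sourceIPAddress"),
        "time": detail.get("eventTime"),
    }

def handler(event, context):
    """Lambda entry point: publish to SNS only when the admin role is assumed."""
    if not is_admin_assume_role(event):
        return {"published": False}
    import boto3  # lazy import so the module loads (and tests run) without boto3
    boto3.client("sns").publish(
        TopicArn=os.environ["SNS_TOPIC_ARN"], Subject="Administrator role assumed",
        Message=json.dumps(build_message(event), indent=2))
    return {"published": True}

# Constructed sample event in the shape EventBridge delivers for CloudTrail API calls.
SAMPLE_EVENT = {"detail-type": "AWS API Call via CloudTrail", "source": "aws.sts", "detail": {
    "eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
    "eventTime": "2024-01-01T12:00:00Z", "sourceIPAddress": "203.0.113.10",
    "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/devops-alice"},
    "requestParameters": {"roleArn": ADMIN_ROLE_ARN, "roleSessionName": "alice-admin"}}}
```

EventBridge only receives "AWS API Call via CloudTrail" events while a CloudTrail trail is logging in the account, so the rule matches nothing if no trail exists.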