Amazon DOP-C02 Exam - Topic 1 Question 5 Discussion

Actual exam question for Amazon's DOP-C02 exam

Question #: 5
Topic #: 1

A DevOps engineer at a company is supporting an AWS environment in which all users use AWS IAM Identity Center (AWS Single Sign-On). The company wants to immediately disable credentials of any new IAM user and wants the security team to receive a notification.

Which combination of steps should the DevOps engineer take to meet these requirements? (Choose three.)

ACreate an Amazon EventBridge rule that reacts to an IAM CreateUser API call in AWS CloudTrail.

BCreate an Amazon EventBridge rule that reacts to an IAM GetLoginProfile API call in AWS CloudTrail.

CCreate an AWS Lambda function that is a target of the EventBridge rule. Configure the Lambda function to disable any access keys and delete the login profiles that are associated with the IAM user.

DCreate an AWS Lambda function that is a target of the EventBridge rule. Configure the Lambda function to delete the login profiles that are associated with the IAM user.

ECreate an Amazon Simple Notification Service (Amazon SNS) topic that is a target of the EventBridge rule. Subscribe the security team's group email address to the topic.

FCreate an Amazon Simple Queue Service (Amazon SQS) queue that is a target of the Lambda function. Subscribe the security team's group email address to the queue.

Show Suggested Answer

Suggested Answer: A, C, E

by Tegan at Apr 21, 2023, 05:14 AM

Limited Time Offer

25%

Off

Get Premium DOP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Carylon

5 months ago

I think the Lambda function should disable access keys too, right?

upvoted 0 times

...

Chanel

6 months ago

SNS for notifications is a must! Good call.

upvoted 0 times

...

Mozelle

6 months ago

Wait, can you really delete login profiles like that? Seems risky.

upvoted 0 times

...

Wynell

6 months ago

Totally agree, that's the way to go!

upvoted 0 times

...

Coleen

6 months ago

Gotta use EventBridge for the CreateUser API call!

upvoted 0 times

...

Wilda

6 months ago

I’m a bit confused about the login profiles. Do we need to delete them as well? I think option D could be relevant, but I’m not completely certain.

upvoted 0 times

...

Eloisa

6 months ago

I practiced a similar question, and I think we need to notify the security team too. So, option E seems like a good choice for that.

upvoted 0 times

...

Lelia

6 months ago

I'm not entirely sure, but I feel like we should also disable access keys when a new user is created. That makes me lean towards option C.

upvoted 0 times

...

Dominga

7 months ago

I remember that we need to react to the CreateUser API call, so I think option A is definitely one of the steps.

upvoted 0 times

...

Joni

7 months ago

Okay, I've got a good handle on this. The key is to identify the right error handling mechanism based on the specific scenario described in the question. I think option B is the best approach, as it directly addresses the issue of handling errors in the Verification Webservice API.

upvoted 0 times

...

Melvin

7 months ago

The exam question reminds me of a practice question we had on performance metrics. I remember payload being one of the choices.

upvoted 0 times

...

Val

7 months ago

I'm a little confused by the options here. I don't think the duration of security violations or the cost per incident are the most important things to include. The focus should really be on the regulatory requirements and how the service provider will comply with them.

upvoted 0 times

...