Amazon SCS-C02 Exam - Topic 1 Question 10 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 10
Topic #: 1

A security engineer is configuring a mechanism to send an alert when three or more failed sign-in attempts to the AWS Management Console occur during a 5-minute period. The security engineer creates a trail in AWS CloudTrail to assist in this work.

Which solution will meet these requirements?

Suggested Answer: B

The correct answer is B. Configure CloudTrail to send events to Amazon CloudWatch Logs. Create a metric filter for the relevant log group. Create a filter pattern with eventName matching ConsoleLogin and errorMessage matching "Failed authentication". Create a CloudWatch alarm with a threshold of 3 and a period of 5 minutes.

This answer is correct because it meets the requirements of sending an alert when three or more failed sign-in attempts to the AWS Management Console occur during a 5-minute period. By configuring CloudTrail to send events to CloudWatch Logs, the security engineer can create a metric filter that matches the desired pattern of failed sign-in events. Then, by creating a CloudWatch alarm based on the metric filter, the security engineer can set a threshold of 3 and a period of 5 minutes, and choose an action such as sending an email or an Amazon Simple Notification Service (Amazon SNS) message when the alarm is triggered [1][2].

The other options are incorrect because:

A) Turning on Insights events on the trail and configuring an alarm on the insight is not a solution, because Insights events are used to analyze unusual activity in management events, such as spikes in API call volume or error rates. Insights events do not capture failed sign-in attempts to the AWS Management Console [3].

C) Creating an Amazon Athena table from the CloudTrail events and running a query for failed sign-in events is not a solution, because it does not provide a mechanism to send an alert based on the query results. Amazon Athena is an interactive query service that allows analyzing data in Amazon S3 using standard SQL, but it does not support creating notifications or alarms from queries [4].

D) Creating an analyzer in AWS Identity and Access Management Access Analyzer and configuring it to send an Amazon SNS notification when a failed sign-in event occurs 3 times for any IAM user within a period of 5 minutes is not a solution, because IAM Access Analyzer is not a service that monitors sign-in events, but a service that helps identify resources that are shared with external entities. IAM Access Analyzer does not generate findings for failed sign-in attempts to the AWS Management Console [5].


[1] Sending CloudTrail Events to CloudWatch Logs - AWS CloudTrail
[2] Creating Alarms Based on Metric Filters - Amazon CloudWatch
[3] Analyzing unusual activity in management events - AWS CloudTrail
[4] What is Amazon Athena? - Amazon Athena
[5] Using AWS Identity and Access Management Access Analyzer - AWS Identity and Access Management
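
The setup that answer B describes, as an added example that is not part of the original page: the two dictionaries are keyword arguments for boto3's `put_metric_filter` and `put_metric_alarm`, with the log group, metric names and SNS topic ARN as placeholder assumptions. The functions model the filter and alarm locally over constructed records, assuming clock-aligned 5-minute periods as a simplification.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Keyword arguments for boto3 logs.put_metric_filter / cloudwatch.put_metric_alarm.
# Log group, metric names and the SNS topic ARN are placeholders (assumptions).
METRIC_FILTER = {
    "logGroupName": "example-cloudtrail-log-group",
    "filterName": "ConsoleLoginFailures",
    "filterPattern": '{ ($.eventName = ConsoleLogin) && ($.errorMessage = "Failed authentication") }',
    "metricTransformations": [{"metricName": "ConsoleLoginFailureCount",
                               "metricNamespace": "ExampleSecurity", "metricValue": "1"}],
}
ALARM = {
    "AlarmName": "console-login-failures",
    "MetricName": "ConsoleLoginFailureCount", "Namespace": "ExampleSecurity",
    "Statistic": "Sum", "Period": 300, "EvaluationPeriods": 1,
    "Threshold": 3, "ComparisonOperator": "GreaterThanOrEqualToThreshold",
    "TreatMissingData": "notBreaching",
    "AlarmActions": ["arn:aws:sns:us-east-1:111122223333:example-security-alerts"],
}

def matches(event):
    """Local stand-in for the filter pattern: both fields must match exactly."""
    return (event.get("eventName") == "ConsoleLogin"
            and event.get("errorMessage") == "Failed authentication")

def breaching_periods(log_lines, period=ALARM["Period"], threshold=ALARM["Threshold"]):
    """Sum matches per clock-aligned period; return starts of periods at/over threshold."""
    counts = Counter()
    for line in log_lines:
        event = json.loads(line)
        if matches(event):
            ts = datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            epoch = int(ts.replace(tzinfo=timezone.utc).timestamp())
            counts[epoch // period * period] += 1
    return sorted(datetime.fromtimestamp(s, timezone.utc).strftime("%H:%M")
                  for s, n in counts.items() if n >= threshold)

def _ev(time, name="ConsoleLogin", error="Failed authentication"):
    """Build one constructed CloudTrail-style record (not real CloudTrail output)."""
    ev = {"eventTime": f"2024-01-01T{time}Z", "eventName": name}
    if error:
        ev["errorMessage"] = error
    return json.dumps(ev)

# Constructed sample: three failures in 12:00-12:05, two in 12:05-12:10,
# plus a successful login and an unrelated error that must not be counted.
SAMPLE = [_ev("12:00:10"), _ev("12:01:30"), _ev("12:02:00", error=None), _ev("12:04:59"),
          _ev("12:06:00"), _ev("12:07:00", name="AssumeRole", error="AccessDenied"), _ev("12:08:00")]
```
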

Contribute your Thoughts:

Lindsey
3 months ago
A could work, but I think B is more reliable for this scenario.
upvoted 0 times
...
Malinda
3 months ago
D doesn't seem right; it's not focused on failed logins specifically.
upvoted 0 times
...
Fanny
3 months ago
Wait, can Athena really handle this? Sounds complicated.
upvoted 0 times
...
Allene
4 months ago
I agree, B is definitely the way to go!
upvoted 0 times
...
Tracie
4 months ago
Option B seems like the most straightforward solution.
upvoted 0 times
...
Lenita
4 months ago
I feel like option D is off-topic since it mentions IAM Access Analyzer, which we didn’t really focus on for login attempts. I think it’s more about monitoring rather than analyzing access.
upvoted 0 times
...
Oren
4 months ago
I’m a bit confused about the Athena option. I don’t recall us covering how to set up notifications from queries. Is that really a viable solution?
upvoted 0 times
...
Brock
4 months ago
I think option B sounds familiar. We practiced setting up metric filters in CloudWatch Logs for similar questions, so that might be the right approach here.
upvoted 0 times
...
Iluminada
5 months ago
I remember we discussed using CloudWatch for monitoring failed logins, but I'm not sure if Insights events are the best way to go for this scenario.
upvoted 0 times
...
Penney
5 months ago
I'm a little confused by all the different AWS services mentioned here. I'll need to review my notes on CloudTrail, CloudWatch, Athena, and IAM Access Analyzer to make sure I understand how they can be used to meet the requirements.
upvoted 0 times
...
Janella
5 months ago
Ah, this is a good one. I've worked with CloudTrail and CloudWatch before, so I'm feeling pretty confident about this. I'll make sure to pay close attention to the details and choose the most efficient solution.
upvoted 0 times
...
Nana
5 months ago
Okay, let's see. The key things I need to focus on are monitoring the CloudTrail events, looking for the specific event name and error message, and then setting up the appropriate alarm or notification. I think I can figure this out.
upvoted 0 times
...
Louvenia
5 months ago
This seems like a straightforward question about setting up an alert for failed sign-in attempts to the AWS Management Console. I think I can handle this one.
upvoted 0 times
...
Clorinda
5 months ago
Hmm, I'm a bit unsure about the different options here. I'll need to carefully read through each one and think about the specific requirements mentioned in the question.
upvoted 0 times
...
Paz
5 months ago
The wording about "partners" really stands out to me. I'm leaning towards the Partner Community license as the best option to meet the specific needs outlined in the question.
upvoted 0 times
...
Kanisha
5 months ago
This seems like a tricky one. I'll need to think carefully about which functions would be sized from a FP perspective.
upvoted 0 times
...
Daren
5 months ago
Hmm, I'm a bit confused here. The options don't seem to match the standard Toast constants. I'll need to double-check the Android documentation to be sure.
upvoted 0 times
...
Georgiana
5 months ago
Hmm, I'm not sure about this one. I'm trying to decide between B and C, but I'm a bit confused on the exact purpose of application authentication controls.
upvoted 0 times
...
Justa
2 years ago
Option B does seem like the most straightforward solution. Although, I'm curious about option C with Athena and SNS. That could be a cool way to do some more advanced analysis on the login events. Might be overkill for this specific requirement, but it's an interesting approach.
upvoted 0 times
...
Aleta
2 years ago
Yeah, I'm leaning towards B as well. The other options seem a bit more complex, and I'm not sure they'd be as reliable or easy to manage in the long run. Plus, with CloudWatch, we get a lot of other monitoring and alerting capabilities that could come in handy down the line.
upvoted 0 times
...
Mable
2 years ago
I agree, option B seems like the way to go. Setting up the CloudWatch alarm with the right threshold and time period is pretty simple, and it should give us the alerts we need when those login failures happen.
upvoted 0 times
Georgene
2 years ago
That should give us the alerts we need for failed sign-in attempts.
upvoted 0 times
...
Viva
2 years ago
Don't forget to set the threshold to 3 and the period to 5 minutes.
upvoted 0 times
...
Elfrieda
2 years ago
Make sure the filter pattern matches ConsoleLogin and errorMessage.
upvoted 0 times
...
Heike
2 years ago
We should create a metric filter for the relevant log group.
upvoted 0 times
...
Ocie
2 years ago
Agreed, setting up the CloudWatch alarm seems straightforward.
upvoted 0 times
...
Fabiola
2 years ago
I think option B is the best choice here.
upvoted 0 times
...
...
Lon
2 years ago
Hmm, this is an interesting question. I think option B looks like the best solution here. Sending the CloudTrail events to CloudWatch Logs and creating a metric filter to monitor for the specific login failure conditions seems like a straightforward way to meet the requirements.
upvoted 0 times
...
