Questions 41 - 60
Question 41
How should a DevOps engineer configure near-real-time status updates and manual approval requests from AWS CodePipeline to post to a custom chat tool with webhook support?
Options:
A: Create a CloudWatch Logs subscription filtering on CodePipeline State Change, publish to SNS, and subscribe the chat webhook URL directly to SNS.
B: Create an AWS Lambda function invoked by AWS CloudTrail events. On detection of CodePipeline State Change, send details to the chat webhook.
C: Create an Amazon EventBridge rule filtering on CodePipeline State Change, publish events to an Amazon SNS topic, and use an AWS Lambda function subscribed to SNS to format and send event details to the chat webhook URL.
D: Modify the pipeline code to send event details to the chat webhook URL at the end of each stage.
Answer C
Question 42
A company needs to be notified if a security group associated with Linux-based Amazon EC2 bastion hosts is modified to allow inbound SSH access from any IP address (0.0.0.0/0). Which approach should a DevOps engineer take to automate this notification?
Option A: Create an Amazon EventBridge rule that triggers on aws.cloudtrail events with the name AuthorizeSecurityGroupIngress. Define an Amazon Simple Notification Service (Amazon SNS) topic as the target.
Option B: Enable Amazon GuardDuty and monitor findings in AWS Security Hub. Use an EventBridge rule to match GuardDuty events marked as NON_COMPLIANT and target an Amazon SNS topic.
Option C: Create an AWS Config rule using the restricted-ssh managed rule to detect unrestricted SSH traffic. Configure automatic remediation to publish a message to an Amazon SNS topic.
Option D: Enable Amazon Inspector with the Common Vulnerabilities and Exposures-1.1 rules package to scan the security groups and configure it to publish messages to an Amazon SNS topic.
Answer C