

  • Incorrect answer on practice exam

  • mike70

    Member
    August 14, 2023 at 9:52 pm

    Hello, there is a question that asks:

    A multinational investment bank is implementing regulatory compliance checks over their AWS accounts. All API calls made on each of their AWS resources across their accounts must be monitored and tracked for auditing purposes. AWS CloudTrail will be used to monitor all API activities and detect sensitive security issues in the company’s AWS accounts. The DevOps Team was assigned to come up with a solution to remediate CloudTrail from being disabled on some AWS accounts automatically.

    As a DevOps Engineer, what solution should you apply that provides the LEAST amount of downtime for the CloudTrail log deliveries?

    The provided answer in the exam is:

    Use the cloudtrail-enabled AWS Config managed rule with a periodic interval of 1 hour to evaluate whether your AWS account enabled the AWS CloudTrail. Set up a CloudWatch Events rule for AWS Config rules compliance change. Launch a Lambda function that uses the AWS SDK and add the Amazon Resource Name (ARN) of the Lambda function as the target in the CloudWatch Events rule. Once a StopLogging event is detected, the Lambda function will re-enable the logging for that trail by calling the StartLogging API on the resource ARN.

    However, this is incorrect. The answer is actually:

    Use the cloudtrail-enabled AWS Config managed rule to evaluate whether the AWS account enabled AWS CloudTrail with a trigger type of Configuration changes. By default, this managed rule will automatically remediate the accounts that disabled its CloudTrail.

    Please see for reference:

    “To ensure that CloudTrail remains enabled in your account, AWS Config provides the cloudtrail-enabled managed rule. If CloudTrail is turned off, the cloudtrail-enabled rule automatically re-enables it by using automatic remediation.”

    https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/automatically-re-enable-aws-cloudtrail-by-using-a-custom-remediation-rule-in-aws-config.html
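The Lambda-based remediation that the practice exam's own answer describes (a Config or EventBridge rule triggering a function that calls StartLogging), written out as an added example; it is neither the exam's nor AWS's code and is not part of mike70's post. It assumes Python with boto3 available in Lambda; the two event shapes, the FakeCloudTrail client and the sample events are constructed assumptions so the code runs offline, and in Lambda the handler would simply call remediate(event) with no client argument.

```python
"""Re-enable CloudTrail logging from a Lambda (added example, not from the post)."""
from typing import Any, Dict, List

# Constructed sample events (assumed shapes): a StopLogging API call forwarded by
# EventBridge, and an AWS Config compliance change for the cloudtrail-enabled rule.
AUDIT_TRAIL = "arn:aws:cloudtrail:us-east-1:111122223333:trail/audit"
STOP_LOGGING_EVENT = {"detail-type": "AWS API Call via CloudTrail", "detail": {
    "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
    "requestParameters": {"name": AUDIT_TRAIL}}}
CONFIG_EVENT = {"detail-type": "Config Rules Compliance Change", "detail": {
    "configRuleName": "cloudtrail-enabled", "resourceType": "AWS::::Account",
    "newEvaluationResult": {"complianceType": "NON_COMPLIANT"}}}


def trails_to_restart(event: Dict[str, Any], ct) -> List[str]:
    """Pick the trail ARNs whose logging should be restarted for this event."""
    detail = event.get("detail", {})
    if detail.get("eventName") == "StopLogging":
        # The API-call event names the exact trail that was stopped.
        name = detail.get("requestParameters", {}).get("name")
        return [name] if name else []
    if detail.get("newEvaluationResult", {}).get("complianceType") == "NON_COMPLIANT":
        # The Config rule only flags the account, so check every trail's status.
        return [t["TrailARN"] for t in ct.describe_trails().get("trailList", [])
                if not ct.get_trail_status(Name=t["TrailARN"]).get("IsLogging")]
    return []  # COMPLIANT re-evaluations and unrelated events: nothing to do


def remediate(event: Dict[str, Any], ct=None) -> List[str]:
    """Lambda entry-point logic: StartLogging each affected trail, return the ARNs."""
    if ct is None:  # real client only inside Lambda; tests inject FakeCloudTrail
        import boto3
        ct = boto3.client("cloudtrail")
    restarted = []
    for arn in trails_to_restart(event, ct):
        ct.start_logging(Name=arn)  # safe to repeat if logging was already resumed
        restarted.append(arn)
    return restarted


class FakeCloudTrail:
    """Constructed offline stand-in for the boto3 cloudtrail client."""
    def __init__(self, is_logging: Dict[str, bool]):
        self.is_logging, self.calls = dict(is_logging), []
    def describe_trails(self):
        return {"trailList": [{"TrailARN": a} for a in self.is_logging]}
    def get_trail_status(self, Name):
        return {"IsLogging": self.is_logging[Name]}
    def start_logging(self, Name):
        self.calls.append(Name)
        self.is_logging[Name] = True
```

The function's execution role needs cloudtrail:DescribeTrails, cloudtrail:GetTrailStatus and cloudtrail:StartLogging for this to work in a real account.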
