4. Question
An organization leverages Amazon VPC to host its multi-tier services. The organization aims to provide a web analytics service via RESTful APIs to a user base spanning millions. Access to these APIs requires user verification through an authentication service.
What is the most operationally efficient approach to satisfy these requirements?
- Configure IAM users for authentication and integrate with Amazon API Gateway HTTP APIs using an IAM policy for authorization.
- Launch Amazon API Gateway REST APIs and integrate with AWS Lambda for user authentication using a Lambda authorizer.
- Create an Amazon Cognito identity pool for federated identity management and secure HTTP APIs using Amazon API Gateway with IAM policies for authorization.
- Implement user authentication with an Amazon Cognito user pool and secure REST API access using Amazon API Gateway with a Cognito user pool authorizer.
- Answer
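The user pool authorizer in the last option is managed by API Gateway, but it helps to see what it actually verifies on the bearer token, because choosing the Lambda authorizer option instead means reimplementing exactly these checks. The block below is an added example, not code from the original page or from AWS: it spells out the header and claim checks (issuer is this pool, token type matches how the method is protected, audience is this app client, token not expired). The RS256 signature check against the pool's JWKS is assumed to run before these checks and is not reproduced here; the region, user pool ID and app client ID are made-up placeholders.

```python
# Added example: claim checks performed by an API Gateway Cognito user pool
# authorizer (or by a Lambda authorizer that validates Cognito tokens itself).
# Signature verification against the pool's JWKS is assumed to have happened
# first. Pool and client identifiers below are hypothetical.
from __future__ import annotations

import base64
import json
import time

REGION = "us-east-1"                      # hypothetical
USER_POOL_ID = "us-east-1_EXAMPLE1"       # hypothetical
APP_CLIENT_ID = "1example23456789abcdef"  # hypothetical
EXPECTED_ISSUER = f"https://cognito-idp.{REGION}.amazonaws.com/{USER_POOL_ID}"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_unverified(token: str) -> tuple[dict, dict]:
    """Split a compact JWT into (header, payload) without checking the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[0])), json.loads(_b64url_decode(parts[1]))


def validate_header(header: dict) -> list[str]:
    """Cognito signs with RS256 and names the signing key via 'kid'. Refuse anything
    else (alg 'none', an HMAC alg, a missing kid) before the signature is even looked at."""
    problems = []
    if header.get("alg") != "RS256":
        problems.append("alg")
    if not header.get("kid"):
        problems.append("kid")
    return problems


def validate_claims(payload: dict, now: float | None = None,
                    token_use: str = "access") -> list[str]:
    """Return the names of the failed checks; an empty list means accept.
    token_use is 'id' when the method has no OAuth scopes configured (the
    authorizer then expects an ID token, whose audience is 'aud') and 'access'
    when it does (access tokens carry the client in 'client_id')."""
    now = time.time() if now is None else now
    problems = []
    if payload.get("iss") != EXPECTED_ISSUER:
        problems.append("iss")
    if payload.get("token_use") != token_use:
        problems.append("token_use")
    audience = payload.get("client_id") if token_use == "access" else payload.get("aud")
    if audience != APP_CLIENT_ID:
        problems.append("audience")
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp")
    return problems


def authorize(token: str, now: float | None = None, token_use: str = "access") -> bool:
    """Gate a request on the token's header and claims (signature assumed verified)."""
    header, payload = decode_unverified(token)
    return not validate_header(header) and not validate_claims(payload, now, token_use)


def make_unsigned_token(payload: dict, header: dict | None = None) -> str:
    """Constructed test input: a token with a placeholder signature, so the claim
    logic can be exercised offline. Cognito would never accept such a token."""
    header = header or {"alg": "RS256", "kid": "example-kid"}
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(payload).encode()),
                     _b64url_encode(b"placeholder-signature")])


if __name__ == "__main__":
    now = int(time.time())
    ok = {"iss": EXPECTED_ISSUER, "token_use": "access",
          "client_id": APP_CLIENT_ID, "sub": "user-1", "exp": now + 3600}
    print("valid token accepted:", authorize(make_unsigned_token(ok), now))
    print("alg=none rejected:", not authorize(make_unsigned_token(ok, {"alg": "none"}), now))
```

The issuer check is the one most often skipped in hand-rolled validators: a token signed by a different Cognito pool in the same region carries a valid RS256 signature under that pool's JWKS, and only the `iss` comparison tells the two pools apart.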
9. Question
A company is looking to protect its mobile app’s sensitive data, which is encrypted using AWS Key Management Service (AWS KMS). To enhance security, the company wishes to implement a mechanism that not only prevents the accidental deletion of KMS keys but also alerts administrators via email if there’s an attempt to delete a KMS key.
Which of the following solutions fulfills these requirements with minimal operational overhead?
- Set up an Amazon EventBridge rule that triggers on attempts to delete a KMS key. Connect this rule to an AWS Config rule that reverses any deletion attempts. Then, configure an Amazon SNS topic to alert administrators whenever this event occurs.
- Implement an AWS Lambda function to block the deletion of KMS keys. Set up an Amazon CloudWatch alarm that triggers on deletion attempts. Use Amazon EventBridge to call the Lambda function when a DeleteKey action is detected. Lastly, notify administrators via an Amazon Simple Notification Service (Amazon SNS) topic.
- Configure an Amazon EventBridge rule to detect DeleteKey operations on AWS KMS. Link this rule to an AWS Systems Manager Automation runbook designed to cancel the pending deletion of the affected key. Additionally, set the EventBridge rule to notify administrators through an Amazon SNS topic upon such an attempt.
- Create an AWS CloudTrail trail to record KMS key deletion attempts. Configure the trail to send logs to Amazon CloudWatch Logs. Create a CloudWatch Logs metric filter to detect DeleteKey events and trigger an Amazon SNS notification to administrators.
- Answer
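The EventBridge rule, cancellation runbook and SNS alert in the third option only work if the rule matches the event KMS actually emits. One caveat the options gloss over: KMS has no DeleteKey API. Deletion is requested with ScheduleKeyDeletion (a 7 to 30 day waiting period, 30 by default), during which the key sits in the PendingDeletion state, and it is reversed with CancelKeyDeletion; a rule pattern written for "DeleteKey" would never fire. The block below is an added example, not code from the original page or from AWS: it expresses the rule pattern in plain Python, with the subset of EventBridge matching semantics the pattern relies on, so it can be tested against sample events before deployment, and it shows what the two targets need (the CancelKeyDeletion parameters for the Automation runbook, the alert text for the topic). The event envelope follows CloudTrail-via-EventBridge delivery; the account, key, principal and sample events are constructed.

```python
# Added example: detection logic for the "EventBridge rule -> cancel the pending
# deletion -> notify" design. Not from the original page. The event shape follows
# CloudTrail's "AWS API Call via CloudTrail" delivery into EventBridge; sample
# events are constructed and the account, key and principal are made up.
from __future__ import annotations

from typing import Any

# KMS exposes ScheduleKeyDeletion / CancelKeyDeletion, not DeleteKey.
KMS_DELETION_PATTERN: dict[str, Any] = {
    "source": ["aws.kms"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["kms.amazonaws.com"],
        "eventName": ["ScheduleKeyDeletion"],
    },
}


def matches(pattern: dict, event: dict) -> bool:
    """Subset of EventBridge pattern semantics used by this rule: every pattern
    key must be present in the event, a list means 'the event value is one of
    these', and a nested dict is matched recursively."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


def plan_response(event: dict) -> dict | None:
    """For an event the rule fires on, return what the two targets need: the
    CancelKeyDeletion parameters for the Automation runbook and the alert text
    for the SNS topic. Returns None when the rule would not fire."""
    if not matches(KMS_DELETION_PATTERN, event):
        return None
    detail = event["detail"]
    # CloudTrail records the API response in lower-camel-case; keyId in
    # responseElements is the full key ARN, which CancelKeyDeletion accepts.
    key_arn = detail["responseElements"]["keyId"]
    actor = detail.get("userIdentity", {}).get("arn", "unknown principal")
    window = detail.get("requestParameters", {}).get("pendingWindowInDays")
    return {
        "cancel_key_deletion": {"KeyId": key_arn},
        "alert": (f"KMS key {key_arn} was scheduled for deletion by {actor} "
                  f"(pending window {window} days); CancelKeyDeletion requested."),
    }


def sample_event(event_name: str) -> dict:
    """Constructed CloudTrail-via-EventBridge event for a KMS management API call.
    Only ScheduleKeyDeletion returns a body; other calls log null responseElements."""
    key_arn = ("arn:aws:kms:us-east-1:111122223333:key/"
               "1234abcd-12ab-34cd-56ef-1234567890ab")
    scheduled = event_name == "ScheduleKeyDeletion"
    return {
        "version": "0",
        "source": "aws.kms",
        "detail-type": "AWS API Call via CloudTrail",
        "region": "us-east-1",
        "detail": {
            "eventSource": "kms.amazonaws.com",
            "eventName": event_name,
            "userIdentity": {"type": "IAMUser",
                             "arn": "arn:aws:iam::111122223333:user/alice"},
            "requestParameters": {"keyId": key_arn, "pendingWindowInDays": 7},
            "responseElements": ({"keyId": key_arn, "keyState": "PendingDeletion",
                                  "pendingWindowInDays": 7} if scheduled else None),
        },
    }


if __name__ == "__main__":
    for name in ("ScheduleKeyDeletion", "DisableKey", "DeleteKey"):
        print(name, "->", plan_response(sample_event(name)))
```

Two deployment caveats for this design: EventBridge only receives "AWS API Call via CloudTrail" events for an API when a trail in that region is logging management events, and the Automation runbook's execution role needs kms:CancelKeyDeletion on the keys it is meant to protect. The rule is a detective control with a compensating action; a key policy or SCP that denies kms:ScheduleKeyDeletion to all but a break-glass role is the preventive control that stops the deletion from being scheduled in the first place.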
13. Question