AWS Certified Solutions Architect Professional SAP-C02 Practice Question
A company uses AWS Organizations with several hundred AWS accounts. A central security team operates from a dedicated "Security" account and must receive real-time email alerts whenever any account in the organization:
turns off AWS CloudTrail logging,
changes an Amazon S3 bucket policy, or
makes an API call with the root user.
The solution must be centralized, highly scalable, and guarantee that no matching events are lost even if downstream processing is temporarily unavailable.
Which combination of AWS services and configurations provides the MOST efficient and scalable solution?
Deploy a scheduled AWS Lambda function in the Security account that iterates through all member accounts, assumes a role in each, queries CloudTrail Event History for the critical events, and sends findings to an Amazon SNS topic.
Enable an organization trail and create a single EventBridge rule in the management account that filters the critical events and forwards them to a custom event bus in the Security account. In the Security account, forward the events to an Amazon SNS topic.
Enable an organization trail. In every member account, create an EventBridge rule (distributed by AWS CloudFormation StackSets) that matches the critical events and forwards them to a custom event bus in the Security account. In the Security account, add a rule that sends the events to an Amazon SNS topic for email notification.
Enable an organization trail that delivers logs to a central Amazon S3 bucket. Configure S3 event notifications to trigger a Lambda function in the Security account that scans each log file for the critical events and publishes messages to an Amazon SNS topic.
Create an organization trail so that CloudTrail logs the required management events in every account. Deploy (for example with AWS CloudFormation StackSets) an identical Amazon EventBridge rule in each member account that:
runs on the account's default event bus,
filters for the three critical events, and
targets a custom event bus in the Security account.
Attach a resource-based policy to the custom event bus that allows events from any account in the organization. In the Security account, add a second EventBridge rule that forwards the received events to an Amazon SNS topic, which sends the email notifications. Because EventBridge delivers events at-most-once but the SNS topic can have an Amazon SQS dead-letter queue, no events are lost and the design automatically scales as new accounts join the organization.
Other approaches either miss events (a single rule in the management account does not receive member-account events), add significant latency by parsing S3 log files, or rely on polling with Lambda, which is inefficient at this scale.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an organization trail in AWS CloudTrail?
Open an interactive chat with Bash
How does Amazon EventBridge forward events between AWS accounts?
Open an interactive chat with Bash
Why is a dead-letter queue (DLQ) in Amazon SNS important for reliability?
Open an interactive chat with Bash
AWS Certified Solutions Architect Professional SAP-C02
Design Solutions for Organizational Complexity
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access