A security engineer must Implement monitoring of a company’s Amazon Aurora MySQL DB instances. The company wants to receive email notifications when unknown users try to log in to the database endpoint. Which solution will meet these requirements with the LEAST operational overhead?

Topic #: - All AWS Certified Security - Specialty SCS-C02 Questions

A. Enable Amazon GuardDuty. Enable the Amazon RDS Protection feature in GuardDuty to detect login attempts by unknown users. Create an Amazon EventBridge rule to filter GuardDuty findings. Send email notifications by using Amazon Simple Notification Service (Amazon SNS).
B. Enable the server_audit_logglng parameter on the Aurora MySQL DB instances. Use AWS Lambda to periodically scan the delivered log files for login attempts by unknown users. Send email notifications by using Amazon Simple Notification Service (Amazon SNS).
C. Create an Amazon RDS Custom AMI. Include a third-party security agent in the AMI to detect login attempts by unknown users. Deploy RDS Custom DB instances. Migrate data from the existing installation to the RDS Custom DB instances. Configure email notifications from the third-party agent.
D. Write a stored procedure to detect login attempts by unknown users. Schedule a recurring job inside the database engine. Configure Aurora MySQL to use Amazon Simple Notification Service (Amazon SNS) to send email notifications.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

A security engineer must Implement monitoring of a company’s Amazon Aurora MySQL DB instances. The company wants to receive email notifications when unknown users try to log in to the database endpoint. Which solution will meet these requirements with the LEAST operational overhead?

Suggested Answer:

Share this post

Join the Discussion