Amazon Web Services DOP-C02 Exam With Confidence Using Practice Dumps

 Create an Amazon EventBridge Rule Using an AWS CloudTrail Event Pattern:

AWS CloudTrail logs API calls made in your account, including actions performed by roles.

Create an EventBridge rule that matches CloudTrail events where the AssumeRole API call is made to assume the administrator role.

 Invoke an AWS Lambda Function:

Configure the EventBridge rule to trigger a Lambda function whenever the rule's conditions are met.

The Lambda function will handle the logic to send a notification.

 Publish a Message to an Amazon SNS Topic:

The Lambda function will publish a message to an SNS topic to notify the security team.

Subscribe the security team’s email address to this SNS topic to receive real-time notifications.

Example EventBridge rule pattern:

{

"source": ["aws.cloudtrail"],

"detail-type": ["AWS API Call via CloudTrail"],

"detail": {

"eventSource": ["sts.amazonaws.com"],

"eventName": ["AssumeRole"],

"requestParameters": {

"roleArn": ["arn:aws:iam:::role/AdministratorRole"]

}

}

}

Example Lambda function (Node.js) to publish to SNS:

const AWS = require('aws-sdk');

const sns = new AWS.SNS();

exports.handler = async (event) => {

const params = {

Message: `Administrator role assumed: ${JSON.stringify(event.detail)}`,

TopicArn: 'arn:aws:sns:::'

};

await sns.publish(params).promise();

};

Mounting EFS to EC2-backed EKS nodes requires:

NFS (port 2049) open from nodes to EFS (Security Group rule).

Mount targets in each subnet/AZ where nodes reside.

IAM role for the EFS CSI driver with elasticfilesystem:ClientMount and ClientRootAccess permissions.These are the standard setup requirements in “Using the Amazon EFS CSI Driver with Amazon EKS.”

AWS Systems Manager Patch Manager automates patch scanning and installation. Integrating with AWS Config enables compliance reporting and auto-remediation. This provides centralized patch compliance management per AWS Ops best practices.