ExamQuestions.com

AWS Certified SysOps Administrator Associate Exam Questions

Question 340:

Last week it was observed that some applications were retrieving secrets from Amazon Secrets Manager that were scheduled to be deleted. These applications had not been updated to use the new secrets from AWS Secrets Manager. To avoid such incidents in the future, management has asked you to create a notification when there is an attempt to access secrets pending deletion.
Which of the following steps can be used to create this notification? (Select Three)

Answer options:

A. Monitor CloudWatch for active secrets.
B. Log AWS Secrets Manager Non-API calls with AWS CloudTrail and configure CloudTrail log file delivery to CloudWatch Logs.
C. Log AWS Secrets Manager API calls with AWS CloudTrail and configure CloudTrail log file delivery to CloudWatch Logs.
D. Create the CloudWatch alarm to generate a notification when a Secrets Manager “ListSecretValue” API operation requests to access a version of a secret pending deletion.
E. Create the CloudWatch alarm to generate a notification when a Secrets Manager “GetSecretValue” API operation requests to access a version of a secret pending deletion.
F. Monitor CloudWatch for deleted secrets.