AWS DevOps Engineer Professional DOP-C01 – Question 545

A company's security team discovers that IAM access keys were potentially exposed. The DevOps team wants to implement a solution that will automatically disable any keys that are suspected of being compromised. The solution also must provide a notification to the security team.
Which solution will accomplish this?

A. Create an Amazon EventBridge (Amazon CloudWatch Events) event for Amazon Macie. Create an Amazon Simple Notification Service (Amazon SNS) topic with two subscriptions: one to notify the security team and another to invoke an AWS Lambda function that disables the access keys.
B. Enable Amazon GuardDuty and set up an Amazon EventBridge (Amazon CloudWatch Events) rule event for GuardDuty. Create an Amazon Simple Notification Service (Amazon SNS) topic with two subscriptions: one to notify the security team and another to invoke an AWS Lambda function that disables the access keys.
C. Run an Amazon EventBridge (Amazon CloudWatch Events) rule every 5 minutes to invoke an AWS Lambda function that checks to see if the compromised tag for any access key is set to true. If the tag is set to true, notify the security team and disable the access keys.
D. Set up AWS Config and create an AWS CloudTrail event for AWS Config. Create an Amazon Simple Notification Service (Amazon SNS) topic with two subscriptions: one to notify the security team and another to invoke an AWS Lambda function that disables the access keys.