DOP-C02 domain - 14% of the exam

Incident and Event Response

Incident and Event Response is 14% of the AWS Certified DevOps Engineer - Professional (DOP-C02) exam. These are the objectives it covers, each with practice questions and worked explanations.

Objectives in this domain

Sample question from this domain

Free sample · Incident and Event Response · medium

A security team wants every change to an Amazon S3 bucket policy across the account to trigger an automated response. The team has confirmed that AWS CloudTrail management events are delivered to the default event bus. They need an Amazon EventBridge rule that runs only when a PutBucketPolicy API call occurs, and they want the matched event passed to an AWS Lambda function that evaluates the new policy. With the least custom code, how should the rule be built?

  • A. Create an EventBridge rule with an event pattern that matches the aws.s3 event source and the PutBucketPolicy event name, then add the Lambda function as a target so the function receives the matched CloudTrail event directly. (Correct)
  • B. Create an EventBridge rule with a schedule expression that fires every five minutes and targets a Lambda function that scans CloudTrail logs for any recent PutBucketPolicy call before evaluating the bucket policy.
  • C. Configure an Amazon S3 event notification on each bucket for the s3:ObjectCreated event type and route it to the Lambda function, which then reads the current bucket policy and evaluates it.
  • D. Create an EventBridge rule that matches all events from the aws.s3 source, then have the Lambda target inspect each event and discard anything that is not a PutBucketPolicy call before evaluating the policy.
Match a specific API call with an EventBridge event pattern on source and eventName, and pass the matched event straight to a Lambda target. EventBridge evaluates each incoming event against the rule's event pattern, so a pattern matching the aws.s3 source and the PutBucketPolicy eventName fires the rule only for that management API call, and a Lambda target receives the full matched CloudTrail event as its input without any polling, scanning, or in-function filtering.

Why A is correct: An event pattern keyed on the source and the specific eventName matches only the PutBucketPolicy call, and naming the function as a target delivers the matched event as the payload, so EventBridge does the filtering and invocation with no extra code.

Why B is wrong: A scheduled rule polling CloudTrail can find the call eventually, but it adds latency and log-scanning code, whereas the requirement is an event-driven match on the API call with the least custom logic.

Why C is wrong: S3 event notifications report object-level activity such as ObjectCreated, not bucket policy changes, so this never fires on PutBucketPolicy and fails to detect the management action in scope.

Why D is wrong: Matching every S3 event then filtering inside the function works but invokes Lambda needlessly on unrelated calls and pushes filtering into code, when an event pattern can match only PutBucketPolicy at the rule.
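As an added worked example (not Examworthy's or AWS's code), here is the option A event pattern next to a small Python matcher that applies EventBridge's exact-match semantics to constructed CloudTrail events, so you can see the rule fire for PutBucketPolicy only and hand the whole event to the target; the shape of requestParameters.bucketPolicy and the wildcard-principal check in the handler are assumptions.

```python
import json

# Event pattern for option A: the S3 source plus the single eventName.
# EventBridge pattern values are always lists of acceptable values.
RULE_PATTERN = {
    "source": ["aws.s3"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventName": ["PutBucketPolicy"]},
}

def matches(pattern, event):
    """Exact-match subset of EventBridge semantics: every pattern key must be
    present; a list means 'value is one of these'; a dict recurses."""
    for key, allowed in pattern.items():
        if key not in event:
            return False
        if isinstance(allowed, dict):
            if not isinstance(event[key], dict) or not matches(allowed, event[key]):
                return False
        elif event[key] not in allowed:
            return False
    return True

def cloudtrail_event(event_name, request_parameters):
    """Constructed CloudTrail-via-EventBridge event with only the fields used here."""
    return {
        "source": "aws.s3",
        "detail-type": "AWS API Call via CloudTrail",
        "detail": {"eventSource": "s3.amazonaws.com", "eventName": event_name,
                   "requestParameters": request_parameters},
    }

def lambda_handler(event, context=None):
    """Target: receives the matched event as-is, reads the new policy from
    requestParameters.bucketPolicy (assumed to be a JSON object or string) and
    counts Allow statements with a wildcard principal, a stand-in check."""
    params = event["detail"]["requestParameters"]
    policy = params["bucketPolicy"]
    if isinstance(policy, str):
        policy = json.loads(policy)
    public = [s for s in policy.get("Statement", [])
              if s.get("Effect") == "Allow" and s.get("Principal") in ("*", {"AWS": "*"})]
    return {"bucket": params["bucketName"], "public_statements": len(public)}

def route(events):
    """Simulate the rule: invoke the target only for events the pattern matches."""
    return [lambda_handler(e) for e in events if matches(RULE_PATTERN, e)]
```

A GetBucketPolicy call on the same source never reaches the handler, which is exactly the filtering option D pushes into Lambda code.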

Other domains in this exam

See also the DOP-C02 cert hub, the study guide, and the cheat sheet.

Examworthy is not affiliated with or endorsed by Amazon Web Services. Original, blueprint-aligned practice material only.