Topic 1 Question 155
An AWS Lambda function was misused to alter data, and a security engineer must identify who invoked the function and what output was produced. The engineer cannot find any logs created by the Lambda function in Amazon CloudWatch Logs.
Which of the following explains why the logs are not available?
The execution role for the Lambda function did not grant permissions to write log data to CloudWatch Logs.
The Lambda function was invoked by using Amazon API Gateway, so the logs are not stored in CloudWatch Logs.
The execution role for the Lambda function did not grant permissions to write to the Amazon S3 bucket where CloudWatch Logs stores the logs.
The version of the Lambda function that was invoked was not current.
ユーザの投票
コメント(5)
- 👍 3Zek2024/05/14
- 正解だと思う選択肢: A
The execution role for the Lambda function did not grant permissions to write log data to CloudWatch Logs.
👍 1nRaiker2024/07/22 - 正解だと思う選択肢: A
A is correct:
AWS Lambda functions require an execution role that has the appropriate permissions to write log data to CloudWatch Logs. If the execution role does not have the AWSLambdaBasicExecutionRole or similar permissions that include logs:CreateLogGroup, logs:CreateLogStream, and logs:PutLogEvents, the Lambda function will not be able to create or write logs to CloudWatch Logs.
👍 1navid13652024/08/03
シャッフルモード