Topic 1 Question 19

AWS Certified Security - Specialty

Topic 1 Question 19
A company used a lift-and-shift approach to migrate from its on-premises data centers to the AWS Cloud. The company migrated on-premises VMs to Amazon EC2 instances. Now the company wants to replace some of components that are running on the EC2 instances with managed AWS services that provide similar functionality. Initially, the company will transition from load balancer software that runs on EC2 instances to AWS Elastic Load Balancers. A security engineer must ensure that after this transition, all the load balancer logs are centralized and searchable for auditing. The security engineer must also ensure that metrics are generated to show which ciphers are in use. Which solution will meet these requirements?
- Create an Amazon CloudWatch Logs log group. Configure the load balancers to send logs to the log group. Use the CloudWatch Logs console to search the logs. Create CloudWatch Logs filters on the logs for the required metrics.
- Create an Amazon S3 bucket. Configure the load balancers to send logs to the S3 bucket. Use Amazon Athena to search the logs that are in the S3 bucket. Create Amazon CloudWatch filters on the S3 log files for the required metrics.
- Create an Amazon S3 bucket. Configure the load balancers to send logs to the S3 bucket. Use Amazon Athena to search the logs that are in the S3 bucket. Create Athena queries for the required metrics. Publish the metrics to Amazon CloudWatch.
- Create an Amazon CloudWatch Logs log group. Configure the load balancers to send logs to the log group. Use the AWS Management Console to search the logs. Create Amazon Athena queries for the required metrics. Publish the metrics to Amazon CloudWatch.
ユーザの投票
コメント(17)
- 正解だと思う選択肢: C
  You can't send ELB access logs into CloudWatch Logs, but to S3 only: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html
  
  Regarding the alarm, natively there is no way to use query result as a metric.We could use a Lambda Function for this.
  
  C remains the most valid option.
  
  👍 13
  Ghe2024/03/16
- 正解だと思う選択肢: A
  https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-cloudwatch-metrics.html#view-metric-data s3 buckets and athena are not needed.
  
  👍 12
  Daniel762023/11/21
- 正解だと思う選択肢: B
  Weird set of answers. Mixing between access logs and performance metrics. Check out this https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-monitoring.html
  
  CloudWatch is responsible about collecting performance metrics. Whereas, access logs are captured and sent to S3. You can use these logs to analyze traffic patterns, but NOT TO QUERY METRICS using Athena (it does not make sense even).
  
  Therefore, the closest answer to correctness is B!
  
  👍 2
  Raphaello2024/02/09
シャッフルモード

ユーザの投票

コメント(17)