Topic 1 Question 217
A security engineer needs to analyze Apache web server access logs that are stored in an Amazon S3 bucket. Amazon EC2 instance web servers generated the logs. The EC2 instances have the Amazon CloudWatch agent installed and configured to report their access logs.
The security engineer needs to use a query in Amazon Athena to analyze the logs. The query must identify IP addresses that have attempted and failed to access restricted web server content held at the /admin URL path. The query also must identify the URLs that the IP addresses attempted to access.
Which query will meet these requirements?
SELECT client_ip, client_request FROM logs WHERE client_request LIKE '%/admin%!’ AND server_status = '403’
SELECT client_ip FROM logs WHERE client_request CONTAINS '%/admin%’ AND server_status = '401' GROUP BY client_ip
SELECT DISTINCT (client_ip), client_request, client_id FROM logs WHERE server status = ‘403’ LIMIT 1000
SELECT DISTINCT (client_ip), client_request FROM logs WHERE user_id <> ‘admin’ AND server_status = ‘401!’
ユーザの投票
コメント(1)
- 正解だと思う選択肢: A
A. SELECT client_ip, client_request FROM logs WHERE client_request LIKE ‘%/admin%’ AND server_status = ‘403’
client_ip: This field identifies the IP addresses that attempted to access the restricted content.
client_request: This field shows the URLs that the IP addresses attempted to access.
LIKE ‘%/admin%’: This condition filters the requests to those targeting the /admin URL path.
server_status = ‘403’: This condition ensures that only failed access attempts (HTTP 403 Forbidden status) are included in the results.
This query will help the security engineer identify both the IP addresses and the specific URLs they attempted to access, which is crucial for analyzing unauthorized access attempts.
👍 2IPLogic2024/12/04
シャッフルモード