Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 197 discussion

ADF A or B work, but docs recomment cloud trail: https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html

ADF are correct choices.

The requirement is for the most cost-effective. A - You will pay for the data event delivered to S3 C - No integration to SES D - Paying more for Timestream

The conflict is between AWS Cloudtrail (A) and S3 Server Access Log (B). B is incorrect because S3 Server access logs track requests at the bucket level, not object-level operations (e.g., deletions). A is correct because CloudTrail is required for detailed tracking including object level..

BDF flows well. ADF, however, does not provide details on how you will store the logs in the new S3 bucket.

"We recommend that you use CloudTrail for logging bucket-level and object-level actions for your Amazon S3 resources."

ADFis right answer.

Both A and B can log s3 activities. Difference is A real time log but cost more. B log has delay but cheaper. The requirement is the most cost-effective so choose B to meet this requirement.

ADF logs everything, BDF doesnt.

BDF meet the requirements.

Probably B is cheaper but A is safer and more accurate and remember the "The company must log ALL activities for objects" According to this https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html#LogDeliveryBestEffort "The log record for a particular request might be delivered long after the request was actually processed, or it might not be delivered at all. " so for me is A not B

Given the requirement to log all activities for objects in an S3 bucket and keep logs for 5 years, combined with a focus on cost-effectiveness, S3 server access logging (Option B) would indeed be a cheaper solution for capturing basic access logs. However, for advanced auditing and compliance requirements where detailed API call tracking is needed, CloudTrail's data event logging provides valuable insights that S3 access logs do not.

B is cheaper than A AWS CloudTrail (A) - Management events (first delivery) are free; data events incur a fee, in addition to storage of logs S3 Server Logs (B) - No other cost in addition to storage of logs https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html#:~:text=S3%20Server%20Logs-,Price,-Management%20events%20(first

For capturing object-level events, such as object deletions, you would typically use Amazon S3 Event Notifications or enable AWS CloudTrail data events for S3.

S3 server access logging does not capture object-level events like object deletions. so I will go ADF.

BDF Because it asked for cost-effective.

B is better than A because S3 server logs -- > Cost efficient and get more log information (Lifecycle, Authentication info) Link: https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html