ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Database - Specialty All Questions

View all questions & answers for the AWS Certified Database - Specialty exam
Go to Exam

Exam AWS Certified Database - Specialty topic 1 question 24 discussion

Exam question from Amazon's AWS Certified Database - Specialty
Question #: 24
Topic #: 1
[All AWS Certified Database - Specialty Questions]

The Security team for a finance company was notified of an internal security breach that happened 3 weeks ago. A Database Specialist must start producing audit logs out of the production Amazon Aurora PostgreSQL cluster for the Security team to use for monitoring and alerting. The Security team is required to perform real-time alerting and monitoring outside the Aurora DB cluster and wants to have the cluster push encrypted files to the chosen solution.
Which approach will meet these requirements?

  • A. Use pg_audit to generate audit logs and send the logs to the Security team.
  • B. Use AWS CloudTrail to audit the DB cluster and the Security team will get data from Amazon S3.
  • C. Set up database activity streams and connect the data stream from Amazon Kinesis to consumer applications.
  • D. Turn on verbose logging and set up a schedule for the logs to be dumped out for the Security team.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by BillyC at July 15, 2020, 1:07 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
learnaws
Highly Voted 3 years, 8 months ago
answer is C. https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-aurora-with-postgresql-compatibility-supports-database-activity-streams/
upvoted 15 times
BillyC
3 years, 8 months ago
Yes, real time
upvoted 3 times
...
BillyMadison
3 years, 8 months ago
Agree C, the link you posted nails it. Anytime the question want "real time alerts or streams", its almost always Kinesis streams. "Database Activity Streams for Amazon Aurora with PostgreSQL compatibility provides a near real-time data stream of the database activity in your relational database to help you monitor activity. When integrated with third party database activity monitoring tools, Database Activity Streams can monitor and audit database activity to provide safeguards for your database and help meet compliance and regulatory requirements."
upvoted 4 times
...
...
adelcold
Most Recent 1 year, 11 months ago
Selected Answer: C
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBActivityStreams.Overview.html
upvoted 1 times
...
ken_test1234
2 years, 2 months ago
Selected Answer: C
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBActivityStreams.Overview.html
upvoted 1 times
...
SachinGoel
2 years, 4 months ago
Selected Answer: C
Ans - C
upvoted 1 times
...
Chirantan
2 years, 10 months ago
answer is C. https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-aurora-with-postgresql-compatibility-supports-database-activity-streams/ Database Activity Streams for Amazon Aurora with PostgreSQL compatibility provides a near real-time data stream of the database activity in your relational database to help you monitor activity. When integrated with third party database activity monitoring tools, Database Activity Streams can monitor and audit database activity to provide safeguards for your database and help meet compliance and regulatory requirements.
upvoted 1 times
...
Chirantan
2 years, 10 months ago
Database Activity Streams for Amazon Aurora with PostgreSQL compatibility provides a near real-time data stream of the database activity in your relational database to help you monitor activity. When integrated with third party database activity monitoring tools, Database Activity Streams can monitor and audit database activity to provide safeguards for your database and help meet compliance and regulatory requirements.
upvoted 1 times
...
novice_expert
3 years ago
Selected Answer: C
I chose C over B x B. Use AWS CloudTrail to audit the DB cluster and the Security team will get data from Amazon S3. - CloudTrail is automatically enabled for all accounts, and logs events, so this is good for past activities for breach Amazon Aurora activity is recorded in a CloudTrail event in Event history. You can use the CloudTrail console to view the last 90 days of recorded API activity and events in an AWS Region. https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/logging-using-cloudtrail.html https://aws.amazon.com/cloudtrail/faqs/ C is for future activities Database Activity Streams can monitor and audit database activity to provide real time safeguards for your database and help meet compliance and regulatory requirements. https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-aurora-with-postgresql-compatibility-supports-database-activity-streams/ DB->Database Activity Streams->Kinesis ->Security team C. Set up database activity streams and connect the data stream from Amazon Kinesis to consumer applications.
upvoted 2 times
Mintwater
2 years, 2 months ago
I like your explanation -- CloudTrail is for the historical data; Kinesis is for the future data.
upvoted 1 times
...
...
jove
3 years, 5 months ago
Real-time alerting and monitoring > Option C
upvoted 1 times
...
Scunningham99
3 years, 6 months ago
C https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBActivityStreams.Overview.html
upvoted 1 times
...
ChauPhan
3 years, 6 months ago
Only C meets the real-time, A, D is possible but schedule.
upvoted 1 times
...
gelsm
3 years, 7 months ago
C. Set up database activity streams and connect the data stream from Amazon Kinesis to consumer applications. Aurora Database activity streams provide a near real-time data stream of the database activity for an Aurora DB cluster. Database activity streams require the use of AWS KMS because the activity streams are always encrypted.
upvoted 1 times
...
Dip11
3 years, 7 months ago
C for sure.
upvoted 1 times
...
LMax
3 years, 7 months ago
Between A and C, but would go with C after reading this: https://aws.amazon.com/about-aws/whats-new/2019/05/amazon-aurora-with-postgresql-compatibility-supports-database-activity-streams/
upvoted 2 times
...
myutran
3 years, 7 months ago
Ans: C
upvoted 1 times
...
bigaws
3 years, 7 months ago
I agree with C. I think that Cloudtrail does not support the type of loging that would be required here, it is not the internal databsae info: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Overview.LoggingAndMonitoring.html
upvoted 1 times
...
JobinAkaJoe
3 years, 7 months ago
Between A & C I will go with C as the logs should be used for real-time alerting and monitoring.
upvoted 1 times
...
Ashoks
3 years, 7 months ago
C is the answer
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel