Exam AWS Certified Security - Specialty topic 1 question 145 discussion

B - A,C & D are total hogwash! Whoever wrote this has poor English skills (without re-architecture the - without re-architecting the ). minimal operational impact? - changing how something work really does have minimal operational impact!! 'A' is saying "Make a whole bunch of Security Management systems each running in its own instance and get the output in another account by magic, then create another entire Security Management system to look at the log files" - a solution best suited to those with 2 heads and a cocaine habit.

For real-time log forwarding, Kinesis Agent allows reliable streaming of log files and other data to Kinesis Data Streams. Option B is right solution.

Option D recommends selecting a pay-per-use SIEM from the AWS Marketplace and deploying the AMI in each workload as needed. It also mentions using Amazon Athena for real-time alerts. This option is the most operationally efficient because it allows you to adopt a new SIEM without significant manual setup or changes to the existing infrastructure. Given the requirement to change SIEMs with minimal operational impact, Option D is the most suitable choice. It allows you to utilize a pre-configured SIEM solution without re-architecting your workloads or introducing complex configurations.

I don't get it how Kensis fit here Kinesis Agent is a stand-alone Java software application that offers an easy way to collect and send data to Kinesis Data Streams. The agent continuously monitors a set of files and sends new data to your stream. The agent handles file rotation, checkpointing, and retry upon failures. It delivers all of your data in a reliable, timely, and simple manner. It also emits Amazon CloudWatch metrics to help you better monitor and troubleshoot the streaming process. By default, records are parsed from each file based on the newline ('\n') character. However, the agent can also be configured to parse multi-line records (see Agent Configuration Settings). You can install the agent on Linux-based server environments such as web servers, log servers, and database servers. After installing the agent, configure it by specifying the files to monitor and the stream for the data. After the agent is configured, it durably collects data from the files and reliably sends it to the stream.

The end goal is to design a monitoring solution with minimal operational impact. Therefore B would be a great choice.

Better than others even though there are operational efforts

B seems straightforward

A and both are looking good, but I will go for A, as the question ask "without re-architecture the solution" . Kinesis, Lambda will be an overhead in this case.

Between A&B - With Minimal Operational Overhead - B.

I go on B.

The question is very confused between A & B. But I think B is more suitable in this case. https://aws.amazon.com/blogs/big-data/integrating-splunk-with-amazon-kinesis-streams/

I think A

Another good exemple of the horrible wording that you can find in AWS certification exams... Replace a system, without re-architecturing, minimal impact. No clear answers proposed, and they doesn't fit the quetions requirements... Good luck with that!!!

B. for least operational impact.

B, since for central logging like this, Kinesis is usually a first choice

C&D are out of scope. CT is not mentioned and Athena is not real-time. From A and B, B sounds more appropriate here.

This question is really far too ambiguous, there's not enough information to answer it with any certainty. I'll skip it and spend my time on questions that make sense. A - how do we know if this is like the current solution? B - somewhat plausible C - you don't send anything to CloudTrail D - Athena isn't real time.