Exam AWS Certified Security - Specialty topic 1 question 182 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 182
Topic #: 1

A company has hundreds of AWS accounts, and a centralized Amazon S3 bucket used to collect AWS CloudTrail logs for all of these accounts. A Security Engineer wants to create a solution that will enable the company to run ad hoc queries against its CloudTrail logs dating back 3 years from when the trails were first enabled in the company's AWS account.
How should the company accomplish this with the least amount of administrative overhead?

  • A. Run an Amazon EMR cluster that uses a MapReduce job to examine the CloudTrail trails.
  • B. Use the events history feature of the CloudTrail console to query the CloudTrail trails.
  • C. Write an AWS Lambda function to query the CloudTrail trails. Configure the Lambda function to be executed whenever a new file is created in the CloudTrail S3 bucket.
  • D. Create an Amazon Athena table that looks at the S3 bucket the CloudTrail trails are being written to. Use Athena to run queries against the trails.
Suggested Answer: D
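
An added example (not part of the original question or comments) of what option D looks like in practice: an Athena external table defined over the central bucket, followed by one ad hoc query. The bucket name, table name, column subset and date range are placeholders chosen for illustration.

```sql
-- Added example. 'example-central-cloudtrail-bucket' and 'cloudtrail_central'
-- are placeholder names; only a subset of CloudTrail record fields is declared.
-- Pointing LOCATION at the AWSLogs/ prefix covers every account that delivers
-- logs to the bucket, so no per-account setup is needed.
CREATE EXTERNAL TABLE cloudtrail_central (
    eventversion        STRING,
    useridentity        STRUCT<
        type: STRING,
        principalid: STRING,
        arn: STRING,
        accountid: STRING,
        username: STRING>,
    eventtime           STRING,
    eventsource         STRING,
    eventname           STRING,
    awsregion           STRING,
    sourceipaddress     STRING,
    useragent           STRING,
    errorcode           STRING,
    errormessage        STRING,
    requestparameters   STRING,
    responseelements    STRING,
    eventid             STRING,
    eventtype           STRING,
    recipientaccountid  STRING
)
ROW FORMAT SERDE 'org.apache.hive.hcatalog.data.JsonSerDe'
STORED AS INPUTFORMAT 'com.amazon.emr.cloudtrail.CloudTrailInputFormat'
OUTPUTFORMAT 'org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat'
LOCATION 's3://example-central-cloudtrail-bucket/AWSLogs/';

-- Ad hoc query: principals generating authorization failures, per account,
-- within a constructed one-month window. eventtime is an ISO 8601 string,
-- so lexical comparison orders it correctly.
SELECT recipientaccountid,
       useridentity.arn AS principal_arn,
       eventsource,
       eventname,
       count(*)         AS denied_calls
FROM cloudtrail_central
WHERE errorcode IN ('AccessDenied', 'Client.UnauthorizedOperation')
  AND eventtime >= '2021-01-01T00:00:00Z'
  AND eventtime <  '2021-02-01T00:00:00Z'
GROUP BY recipientaccountid, useridentity.arn, eventsource, eventname
ORDER BY denied_calls DESC
LIMIT 50;
```

This table is unpartitioned, so the `eventtime` filter limits the rows returned but not the data scanned. With three years of logs from hundreds of accounts, partitioning the table by account, region and date keeps scan cost and query time down.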

Comments

Ayusef
Highly Voted 3 years, 9 months ago
This is D... Ad hoc query is needed and CloudTrail event history needs 90 days to load non-standard data. Also Athena has a 3 year limit if I recall, but this is going back 3 years, not beyond.
upvoted 22 times
...
skipbaylessfor3
Highly Voted 3 years, 7 months ago
D makes sense...
A - I haven't the slightest idea how EMR works and don't care to find out
B - Can't use this past 90 days
C - This might work, but I'm not sure how it'd show everything for the past 3 years? Doesn't seem very efficient either
upvoted 9 times
AkaAka4
3 years, 7 months ago
"Don't care to find out"... I don't know the answer but I agree with you on that!
upvoted 3 times
...
...
yorkicurke
Most Recent 1 year, 6 months ago
Selected Answer: D
I wish all of the questions were like this one :) Good luck, everyone.
upvoted 1 times
...
ITGURU51
2 years, 2 months ago
To accomplish this with the least amount of administrative overhead, the company can use Amazon Athena to query the CloudTrail logs stored in Amazon S3. Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. D
upvoted 1 times
...
jishrajesh
2 years, 5 months ago
D is the answer
upvoted 1 times
...
MoreOps
3 years, 2 months ago
Selected Answer: D
I think the answer is D also
upvoted 2 times
...
sanjaym
3 years, 8 months ago
D for sure.
upvoted 3 times
...
Tolaji
3 years, 8 months ago
I think it's D.
upvoted 3 times
...
JAWS1600
3 years, 8 months ago
D. B is wrong, as event history can work on CT up to 90 days
upvoted 5 times
ChinkSantana
3 years, 8 months ago
D is the correct answer here. https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html
upvoted 5 times
...
...