Exam AWS Certified Security - Specialty topic 1 question 186 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 186
Topic #: 1

An application running on Amazon EC2 instances generates log files in a folder on a Linux file system. The instances block access to the console and file transfer utilities, such as Secure Copy Protocol (SCP) and Secure File Transfer Protocol (SFTP). The Application Support team wants to automatically monitor the application log files so the team can set up notifications in the future.
A Security Engineer must design a solution that meets the following requirements:
✑ Make the log files available through an AWS managed service.
✑ Allow for automatic monitoring of the logs.
✑ Provide an interface for analyzing logs.
✑ Minimize effort.
Which approach meets these requirements?

  • A. Modify the application to use the AWS SDK. Write the application logs to an Amazon S3 bucket.
  • B. Install the unified Amazon CloudWatch agent on the instances. Configure the agent to collect the application log files on the EC2 file system and send them to Amazon CloudWatch Logs.
  • C. Install AWS Systems Manager Agent on the instances. Configure an automation document to copy the application log files to AWS DeepLens.
  • D. Install Amazon Kinesis Agent on the instances. Stream the application log files to Amazon Kinesis Data Firehose and set the destination to Amazon Elasticsearch Service.
Suggested Answer: B
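
Option B in practice, as an added example that is not part of the original question or of any commenter's post: a shell script that writes the unified CloudWatch agent's log-collection config, loads it into the agent, and defines a metric filter that a later alarm can use for notifications. The log path `/var/log/myapp/*.log`, the log group `/app/myapp`, the filter and metric names, and the 30-day retention are assumptions.

```shell
# Added example: CloudWatch agent log collection for option B.
# Assumed (not from the page): log path, log group, filter/metric names, retention.
set -eu

APP_LOG_GLOB="${APP_LOG_GLOB:-/var/log/myapp/*.log}"   # hypothetical app log folder
LOG_GROUP="${LOG_GROUP:-/app/myapp}"                   # hypothetical log group name

# Write the agent's "logs" section to the file given as $1.
write_agent_config() {
  cat > "$1" <<EOF
{
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "${APP_LOG_GLOB}",
            "log_group_name": "${LOG_GROUP}",
            "log_stream_name": "{instance_id}",
            "retention_in_days": 30
          }
        ]
      }
    }
  }
}
EOF
}

# Load the config into the agent and (re)start it; run on the instance as root.
apply_agent_config() {
  /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl \
    -a fetch-config -m ec2 -s -c "file:$1"
}

# Count log lines containing ERROR as a metric, so an alarm can notify later.
create_error_metric_filter() {
  aws logs put-metric-filter --log-group-name "$LOG_GROUP" \
    --filter-name app-errors --filter-pattern ERROR \
    --metric-transformations \
      metricName=AppErrorCount,metricNamespace=MyApp,metricValue=1
}

# Usage on an instance:
#   write_agent_config /opt/aws/amazon-cloudwatch-agent/etc/app-logs.json
#   apply_agent_config /opt/aws/amazon-cloudwatch-agent/etc/app-logs.json
```

The instance profile needs permission to write to CloudWatch Logs (the AWS managed policy `CloudWatchAgentServerPolicy` covers this). Once events arrive, they can be queried in CloudWatch Logs Insights, for example with `fields @timestamp, @message | filter @message like /ERROR/ | sort @timestamp desc | limit 20`.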

Comments

sanjaym
Highly Voted 3 years, 9 months ago
B for sure.
upvoted 13 times
DahMac
3 years, 8 months ago
B does "minimum effort" and "make log files available". B does not provide an interface for analyzing logs unless you think metrics monitor fits the bill. I guess that's good enough, -B- it is.
upvoted 1 times
...
...
DayQuil
Highly Voted 3 years, 9 months ago
B. Technically D is correct too, but minimal effort is a requirement here. You can use CloudWatch Logs Insights to query CloudWatch logs in the console. https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html
upvoted 7 times
...
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: B
For this case, I would go with B. Using a single AWS service that checks all the boxes of the requirements. That being said, option D is NOT wrong, but it does not fit perfectly with this case. Kinesis agent can be used to collect app logs, and can be used as a source for Kinesis Data Firehose. I would've picked this option had the request been to send the logs to a custom HTTP endpoint, Splunk, or Datadog. All are valid KDF destinations and would give the edge to this option over B. However, for the current requirements, option B is the answer.
upvoted 1 times
...
RosenYordanov
1 year, 7 months ago
Selected Answer: B
B. Install the unified Amazon CloudWatch agent on the instances. Configure the agent to collect the application log files on the EC2 file system and send them to Amazon CloudWatch Logs. Explanation: Amazon CloudWatch: Amazon CloudWatch is an AWS managed service that provides monitoring for AWS resources and applications. The CloudWatch agent can be installed on EC2 instances to collect logs, system metrics, and other data. CloudWatch Logs: CloudWatch Logs is a service for monitoring, storing, and accessing log files from Amazon EC2 instances, AWS CloudTrail, and other sources. The CloudWatch agent can be configured to collect and send log files from EC2 instances to CloudWatch Logs. Monitoring and Analysis: Once the logs are in CloudWatch Logs, you can set up alarms and notifications for specific log events. You can also use CloudWatch Logs Insights for interactive, real-time log analysis. Minimizing Effort: Installing and configuring the CloudWatch agent is relatively straightforward, and it integrates well with other AWS services.
upvoted 1 times
...
pk0619
2 years ago
Selected Answer: B
B is the easy way
upvoted 1 times
...
Tofu13
2 years, 1 month ago
Selected Answer: D
Same reason as tipzzz. Provide an interface for analyzing logs. --> Elasticsearch. Doesn't make sense to value minimum effort over fulfilling the requirements. Unless there is an interface for analyzing logs in CW, the answer should be D.
upvoted 1 times
...
ITGURU51
2 years, 2 months ago
If we install the CloudWatch agent we can significantly reduce the amount of effort it takes to monitor the EC2 instance. B
upvoted 1 times
...
[Removed]
2 years, 8 months ago
Selected Answer: B
B & D are both good. But D definitely does not sound like "Minimize effort." I think the answer is B.
upvoted 1 times
...
sapien45
2 years, 10 months ago
Selected Answer: B
b it is
upvoted 2 times
...
dcasabona
2 years, 10 months ago
Selected Answer: D
I go for option D.
upvoted 1 times
...
AzureDP900
3 years, 6 months ago
B is right
upvoted 1 times
...
kiev
3 years, 8 months ago
Monitoring is always CloudWatch and therefore the answer is B
upvoted 2 times
...
tipzzz
3 years, 8 months ago
D is the answer. Kinesis agent can send logs to firehose. ✑ Provide an interface for analyzing logs. --> Elasticsearch
upvoted 1 times
acloudguru
3 years, 8 months ago
Is Elasticsearch an 'AWS managed service'?
upvoted 2 times
peddyua
2 years, 3 months ago
Well, you can use OpenSearch, which is an AWS service, but it's a stretch and much more complicated than B, while B does the job perfectly. You can even configure an AWS Dashboard if regular CloudWatch is not enough.
upvoted 1 times
...
...
...
skipbaylessfor3
3 years, 8 months ago
Maybe I'm thinking too deeply into this, but it says "provide an interface for analyzing logs", wouldn't that be better with Elasticsearch? Since it has integration with Kibana and Logstash etc... CloudWatch just shows the logs plainly? Also it says AWS managed service, Elasticsearch is explicitly managed? (Although technically CloudWatch is managed too.) I'm wondering if there's anything to do with SCP and SFTP, not sure why those are mentioned.
upvoted 3 times
...
DerekKey
3 years, 8 months ago
Crazy answer C -> AWS DeepLens :)
upvoted 2 times
skipbaylessfor3
3 years, 8 months ago
Lol you're joking right
upvoted 2 times
...
...
ChinkSantana
3 years, 9 months ago
B is the only correct answer here
upvoted 2 times
...
cldy
3 years, 9 months ago
B. Classic case of AWS ....
upvoted 3 times
...