Exam AWS Certified Security - Specialty topic 1 question 194 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 194
Topic #: 1

During a manual review of system logs from an Amazon Linux EC2 instance, a Security Engineer noticed that there are sudo commands that were never properly alerted or reported on the Amazon CloudWatch Logs agent.
Why were there no alerts on the sudo commands?

  • A. There is a security group blocking outbound port 80 traffic that is preventing the agent from sending the logs.
  • B. The IAM instance profile on the EC2 instance was not properly configured to allow the CloudWatch Logs agent to push the logs to CloudWatch.
  • C. CloudWatch Logs status is set to ON versus SECURE, which prevents it from pulling in OS security event logs.
  • D. The VPC requires that all traffic go through a proxy, and the CloudWatch Logs agent does not support a proxy configuration.
Suggested Answer: B

Comments

DayQuil
Highly Voted 3 years, 9 months ago
B is the only option that makes sense.
upvoted 19 times
Daniel76
3 years, 8 months ago
B- https://aws.amazon.com/premiumsupport/knowledge-center/cloudwatch-push-logs-with-unified-agent/
upvoted 6 times
...
...
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: B
Bad bad question! It implies that only sudo commands were not reported, while the best answer B suggests no logs at all! Poorly written question.
upvoted 1 times
...
Kurp
3 years ago
Selected Answer: B
B is correct
upvoted 1 times
...
TigerInTheCloud
3 years, 2 months ago
Selected Answer: B
A. Doesn't make sense, especially wrong with the security group preventing 80. I don't think AWS uses unsecured HTTP for most of its services.
B. Makes sense.
C. CloudWatch Logs does not pull.
D. Does not make sense.
The question is quite weird in mentioning a specific command not being reported.
upvoted 3 times
...
RaySmith
3 years, 4 months ago
B seems correct.
upvoted 1 times
...
lotfi50
3 years, 5 months ago
B is the answer.
upvoted 2 times
...
jj22222
3 years, 6 months ago
b looks right
upvoted 2 times
...
jj22222
3 years, 6 months ago
Selected Answer: B
B. The IAM instance profile on the EC2 instance was not properly configured to allow the CloudWatch Logs agent to push the logs to CloudWatch.
upvoted 3 times
...
RaySmith
3 years, 7 months ago
B seems correct.
upvoted 1 times
...
skipbaylessfor3
3 years, 8 months ago
I guess B makes sense, but that's kind of the obvious answer and it seems like the question is asking specifically about sudo commands, not all commands? That being said, I don't think A makes sense, I don't see much documentation that would support C, and D doesn't make sense either lol
upvoted 3 times
...
sanjaym
3 years, 9 months ago
B is the answer.
upvoted 3 times
...
cldy
3 years, 9 months ago
B. Only sensible one ....
upvoted 2 times
...
Hudda
3 years, 9 months ago
B is final answer friends? pls confirm.
upvoted 3 times
...