Exam AWS Certified Security - Specialty topic 1 question 104 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 104
Topic #: 1

An AWS Lambda function was misused to alter data, and a Security Engineer must identify who invoked the function and what output was produced. The Engineer cannot find any logs created by the Lambda function in Amazon CloudWatch Logs.
Which of the following explains why the logs are not available?

  • A. The execution role for the Lambda function did not grant permissions to write log data to CloudWatch Logs.
  • B. The Lambda function was executed by using Amazon API Gateway, so the logs are not stored in CloudWatch Logs.
  • C. The execution role for the Lambda function did not grant permissions to write to the Amazon S3 bucket where CloudWatch Logs stores the logs.
  • D. The version of the Lambda function that was executed was not current.
Suggested Answer: A
Reference:
https://docs.aws.amazon.com/lambda/latest/dg/troubleshooting.html

Comments

Sriramps
Highly Voted 3 years, 6 months ago
Answer is A.

You can insert logging statements into your code to help you validate that your code is working as expected. Lambda automatically integrates with Amazon CloudWatch Logs. It pushes all logs from your code to a CloudWatch Logs group that is associated with a Lambda function (/aws/lambda/<function name>). To learn more about log groups and accessing them through the CloudWatch console, see Working with Log Groups and Log Streams in the Amazon CloudWatch Logs User Guide. For information about how to access CloudWatch log entries, see Accessing Amazon CloudWatch Logs for AWS Lambda.

Note: If your Lambda function code is executing, but you don't see any log data being generated after several minutes, this could mean that your execution role for the Lambda function didn't grant permissions to write log data to CloudWatch Logs. For information about how to make sure that you have set up the execution role correctly to grant these permissions, see AWS Lambda Execution Role.

https://docs.aws.amazon.com/lambda/latest/dg/lambda-monitoring.html
upvoted 31 times
...
josellama2000
Highly Voted 3 years, 7 months ago
B is incorrect. API calls are also logged in CloudTrail.
C is incorrect. CloudWatch is the one that writes logs to S3, not the Lambda.
D is incorrect. Irrelevant.
upvoted 12 times
...
Raphaello
Most Recent 1 year, 2 months ago
Selected Answer: A
Correct Answer is A.
Lambda execution role needs the following actions to be permitted:
"logs:CreateLogGroup"
"logs:CreateLogStream"
"logs:PutLogEvents"
upvoted 1 times
...
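An offline check for the three actions listed in the comment above, as an added example that is not part of the original thread: it reports which of them a set of execution-role identity policies fails to grant for a function's log group. The policies, account id, region and function name `alter-data` are constructed placeholders, and the evaluation is simplified as noted in the docstring.

```python
import re

# The three actions named in the comment above; the execution role needs all of them.
REQUIRED = ("logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents")

def _glob(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def _listify(v):
    return v if isinstance(v, list) else [v]

def _statement_hits(stmt, action, resource):
    # Action names are case-insensitive in IAM; resource ARNs are compared as written.
    return (any(_glob(a, action, True) for a in _listify(stmt.get("Action", [])))
            and any(_glob(r, resource) for r in _listify(stmt.get("Resource", []))))

def missing_log_permissions(policies, region, account, function_name):
    """Return the REQUIRED actions that the given identity policies do not grant.
    Simplified: explicit Deny beats Allow; Condition, NotAction, NotResource,
    permission boundaries and SCPs are not modelled.
    """
    group = f"arn:aws:logs:{region}:{account}:log-group:/aws/lambda/{function_name}"
    stream = group + ":log-stream:example"  # hypothetical stream name
    targets = dict(zip(REQUIRED, (group, stream, stream)))
    stmts = [s for p in policies for s in _listify(p.get("Statement", []))]
    missing = []
    for action in REQUIRED:
        effects = [s["Effect"] for s in stmts if _statement_hits(s, action, targets[action])]
        if "Deny" in effects or "Allow" not in effects:
            missing.append(action)
    return missing

# Constructed sample policies; account id, region and function name are placeholders.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "logs:CreateLogGroup",
     "Resource": "arn:aws:logs:us-east-1:111122223333:*"},
    {"Effect": "Allow", "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
     "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/lambda/alter-data:*"}]}
DATA_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"}]}
DENY_PUT = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "logs:Put*", "Resource": "*"}]}

if __name__ == "__main__":
    for label, pols in (("scoped", [SCOPED]), ("data-only", [DATA_ONLY]),
                        ("scoped+deny", [SCOPED, DENY_PUT])):
        print(label, missing_log_permissions(pols, "us-east-1", "111122223333", "alter-data"))
```

A role whose policies return a non-empty list here is a candidate for the situation in the question: the function runs, but no log data reaches its `/aws/lambda/<function name>` log group.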
ITGURU51
2 years ago
The lambda function's execution role must have sufficient permissions to write logs to CloudWatch.
upvoted 1 times
...
Ell89
2 years, 2 months ago
Selected Answer: A
answer is A
upvoted 1 times
...
skipbaylessfor3
3 years, 6 months ago
Lol I've actually experienced this problem at work. I'm pretty sure the answer is A
upvoted 2 times
...
sanjaym
3 years, 6 months ago
Ans: A 100%
upvoted 2 times
MartNobel
3 years, 6 months ago
what a contribution!
upvoted 2 times
SoukelezArtibuz
3 years, 5 months ago
Exactly what I am thinking when I see every sanjaym's comment on that dump XD
upvoted 2 times
...
...
...
NANDY666
3 years, 6 months ago
A is Correct
upvoted 1 times
...
devjava
3 years, 6 months ago
Ans > A
upvoted 1 times
...
AfricanCloudGuru
3 years, 6 months ago
Ans (A) https://docs.aws.amazon.com/lambda/latest/dg/lambda-monitoring.html
upvoted 1 times
...
gfhbox0083
3 years, 6 months ago
A, for sure. We can log API calls in CloudWatch logs. To help debug issues related to request execution or client access to your API, you can enable Amazon CloudWatch Logs to log API calls. https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html
upvoted 1 times
...
RakeshTaninki
3 years, 6 months ago
A is correct
upvoted 1 times
...
henry76
3 years, 6 months ago
A and B look correct!
upvoted 1 times
...
quehant
3 years, 7 months ago
Nobody votes for B? The Lambda already altered the data, and it is asking who invoked and what was altered. So I think it should be in CloudTrail.
upvoted 2 times
...
newbie2019
3 years, 7 months ago
A is the answer.
upvoted 1 times
...
INASR
3 years, 7 months ago
A is right
upvoted 1 times
...
ugreenhost
3 years, 7 months ago
Out of the 4 options, A seems to be the most possible
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other