Exam AWS Certified Solutions Architect - Professional topic 1 question 439 discussion

A company has multiple AWS accounts hosting IT applications. An Amazon CloudWatch Logs agent is installed on all Amazon EC2 instances. The company wants to aggregate all security events in a centralized AWS account dedicated to log storage.
Security Administrators need to perform near-real-time gathering and correlating of events across multiple AWS accounts.
Which solution satisfies these requirements?

  • A. Create a Log Audit IAM role in each application AWS account with permissions to view CloudWatch Logs, configure an AWS Lambda function to assume the Log Audit role, and perform an hourly export of CloudWatch Logs data to an Amazon S3 bucket in the logging AWS account.
  • B. Configure CloudWatch Logs streams in each application AWS account to forward events to CloudWatch Logs in the logging AWS account. In the logging AWS account, subscribe an Amazon Kinesis Data Firehose stream to Amazon CloudWatch Events, and use the stream to persist log data in Amazon S3.
  • C. Create Amazon Kinesis Data Streams in the logging account, subscribe the stream to CloudWatch Logs streams in each application AWS account, configure an Amazon Kinesis Data Firehose delivery stream with the Data Streams as its source, and persist the log data in an Amazon S3 bucket inside the logging AWS account.
  • D. Configure CloudWatch Logs agents to publish data to an Amazon Kinesis Data Firehose stream in the logging AWS account, use an AWS Lambda function to read messages from the stream and push messages to Data Firehose, and persist the data in Amazon S3.
Suggested Answer: C 🗳️

Comments

donathon
Highly Voted 3 years, 9 months ago
C The solution uses Amazon Kinesis Data Streams and a log destination to set up an endpoint in the logging account to receive streamed logs and uses Amazon Kinesis Data Firehose to deliver log data to the Amazon Simple Storage Solution (S3) bucket. Application accounts will subscribe to stream all (or part) of their Amazon CloudWatch logs to a defined destination in the logging account via subscription filters. https://aws.amazon.com/blogs/architecture/central-logging-in-multi-account-environments/ A: Does not satisfy “near real time”.
upvoted 40 times
pra276
3 years, 9 months ago
See this for answer B: https://aws.amazon.com/blogs/architecture/stream-amazon-cloudwatch-logs-to-a-centralized-account-for-audit-and-analysis/
upvoted 1 times
LunchTime
3 years, 9 months ago
The example pra276 provides does not support answer B as the example requires the use of Kinesis in addition to CloudWatch Log Streams.
upvoted 1 times
...
ppshein
3 years, 8 months ago
B is incorrect because of CW Event, which is irrelevant.
upvoted 6 times
user0001
3 years, 2 months ago
for real-time Kinesis Data Streams
upvoted 1 times
...
...
...
heany
2 years, 9 months ago
Should be B. You will need data stream to send logs cross accounts. But for event, you can send directly to another account. https://medium.com/version-1/centralised-logs-and-alarms-from-multiple-aws-accounts-e8ef02750340
upvoted 1 times
heany
2 years, 7 months ago
From the link below, forwarding CW events to other accounts can achieve near real time: https://aws.amazon.com/blogs/aws/new-cross-account-delivery-of-cloudwatch-events/
upvoted 1 times
...
...
...
Moon
Highly Voted 3 years, 9 months ago
I support answer "C". C: the solution has proper logging steps: CloudWatch (application Account) --> Kinesis Data Stream (Logging Account) --> Kinesis Firehose (Logging Account) --> S3 (Logging Account)
upvoted 28 times
...
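The pipeline donathon and Moon describe ends with records from many application accounts landing in one Kinesis Data Stream in the logging account, so the consumer on that side has to inflate each record and keep the source account attached before any cross-account correlation is possible. The following is an added example, not code from the thread or from AWS: it builds a few constructed records in the format CloudWatch Logs uses for subscription destinations (gzip-compressed JSON with messageType, owner, logGroup, logStream, subscriptionFilters and logEvents, base64-encoded when read back from the Kinesis API), decodes them, drops the CONTROL_MESSAGE that CloudWatch Logs sends to verify a destination, and correlates failed SSH logins by source IP across accounts. The account IDs, log group names, IP addresses and messages are made up; the regex and the 60-second window are this example's own choices.

```python
import base64
import gzip
import json
import re
from collections import defaultdict


def _encode_record(payload: dict) -> str:
    """Produce what a subscription filter delivers to Kinesis: gzip-compressed
    JSON, base64-encoded as the Kinesis API returns record data."""
    return base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()


# Constructed sample records (account IDs, instances and messages are invented).
SAMPLE_RECORDS = [
    _encode_record({
        "messageType": "CONTROL_MESSAGE",
        "owner": "CloudwatchLogs",
        "logGroup": "",
        "logStream": "",
        "subscriptionFilters": [],
        "logEvents": [{"id": "", "timestamp": 1700000000000,
                       "message": "CWL CONTROL MESSAGE: Checking health of destination Kinesis stream."}],
    }),
    _encode_record({
        "messageType": "DATA_MESSAGE",
        "owner": "111111111111",
        "logGroup": "/var/log/secure",
        "logStream": "i-0aaa",
        "subscriptionFilters": ["to-logging-account"],
        "logEvents": [
            {"id": "1", "timestamp": 1700000001000,
             "message": "sshd[1]: Failed password for invalid user admin from 198.51.100.7 port 4242 ssh2"},
            {"id": "2", "timestamp": 1700000002000,
             "message": "sshd[1]: Accepted publickey for ec2-user from 203.0.113.5 port 5000 ssh2"},
        ],
    }),
    _encode_record({
        "messageType": "DATA_MESSAGE",
        "owner": "222222222222",
        "logGroup": "/var/log/secure",
        "logStream": "i-0bbb",
        "subscriptionFilters": ["to-logging-account"],
        "logEvents": [
            {"id": "3", "timestamp": 1700000003000,
             "message": "sshd[2]: Failed password for invalid user admin from 198.51.100.7 port 4343 ssh2"},
        ],
    }),
]

# Pattern for the sample sshd lines; a real deployment would carry one per event type.
FAILED_LOGIN_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")


def decode_record(b64_data: str):
    """Inflate one Kinesis record. Returns None for CONTROL_MESSAGE records,
    which carry no log data and would otherwise pollute the event stream."""
    payload = json.loads(gzip.decompress(base64.b64decode(b64_data)))
    if payload.get("messageType") != "DATA_MESSAGE":
        return None
    return payload


def normalize(payload: dict):
    """Flatten to one dict per log event, keeping the owner account ID so events
    from different accounts remain distinguishable after aggregation."""
    for ev in payload["logEvents"]:
        yield {"account": payload["owner"], "logGroup": payload["logGroup"],
               "logStream": payload["logStream"], "timestamp": ev["timestamp"],
               "message": ev["message"]}


def correlate(records, window_ms: int = 60_000):
    """Return (events, findings): every decoded event, plus source IPs whose
    failed logins hit more than one account within window_ms."""
    events = []
    for raw in records:
        payload = decode_record(raw)
        if payload is not None:
            events.extend(normalize(payload))
    by_ip = defaultdict(list)
    for ev in events:
        m = FAILED_LOGIN_RE.search(ev["message"])
        if m:
            by_ip[m.group(2)].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        accounts = {e["account"] for e in evs}
        span = max(e["timestamp"] for e in evs) - min(e["timestamp"] for e in evs)
        if len(accounts) > 1 and span <= window_ms:
            findings[ip] = sorted(accounts)
    return events, findings


if __name__ == "__main__":
    all_events, hits = correlate(SAMPLE_RECORDS)
    print(f"{len(all_events)} events decoded; cross-account failed logins: {hits}")
```

The same decode step applies whether the consumer is a Lambda function on the Data Stream or a transformation stage in front of the Firehose delivery to S3; what matters for the question's requirement is that the owner field survives, since once records from several accounts are merged in the logging account it is the only reliable attribution back to the source.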
SkyZeroZx
Most Recent 2 years ago
Selected Answer: C
"subscribe an Amazon Kinesis Data Firehose stream to Amazon CloudWatch Events" in letter B is more complex and incorrect because letter C is more appropriate
upvoted 1 times
...
BKhan
2 years, 5 months ago
Selected Answer: C
Should be C
upvoted 1 times
...
cldy
3 years, 7 months ago
C. Create Amazon Kinesis Data Streams in the logging account, subscribe the stream to CloudWatch Logs streams in each application AWS account, configure an Amazon Kinesis Data Firehose delivery stream with the Data Streams as its source, and persist the log data in an Amazon S3 bucket inside the logging AWS account.
upvoted 2 times
...
AzureDP900
3 years, 7 months ago
Real time is the keyword here and I will go with C
upvoted 2 times
...
backfringe
3 years, 7 months ago
I'd go with C CloudWatch (application Account) --> Kinesis Data Stream (Logging Account) --> Kinesis Firehose (Logging Account) --> S3 (Logging Account)
upvoted 2 times
...
fadhilmukh
3 years, 7 months ago
Selected Answer: C
it's C. Near real-time = Amazon Kinesis Data Streams
upvoted 2 times
...
andylogan
3 years, 8 months ago
It's C
upvoted 1 times
...
WhyIronMan
3 years, 8 months ago
I'll go with C
upvoted 1 times
...
Radhaghosh
3 years, 8 months ago
For centralized logging you need Kinesis Data Stream (using CloudWatch Destination). https://aws.amazon.com/solutions/implementations/centralized-logging/ Correct Answer is C
upvoted 4 times
...
Waiweng
3 years, 8 months ago
Go for C
upvoted 3 times
...
Kian1
3 years, 8 months ago
going with C
upvoted 2 times
...
LB
3 years, 8 months ago
https://aws.amazon.com/blogs/architecture/stream-amazon-cloudwatch-logs-to-a-centralized-account-for-audit-and-analysis/
upvoted 1 times
...
Ebi
3 years, 8 months ago
Answer is C
upvoted 6 times
...
sanjaym
3 years, 8 months ago
I'll go with C
upvoted 1 times
...
T14102020
3 years, 8 months ago
Correct answer is C. CloudWatch (application Account) --> Kinesis Data Stream (Logging Account) --> Kinesis Firehose (Logging Account) --> S3 (Logging Account)
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other