Exam AWS Certified Solutions Architect - Professional topic 1 question 925 discussion

A company uses multiple AWS accounts in a single AWS Region. A solutions architect is designing a solution to consolidate logs generated by Elastic Load
Balancers (ELBs) in the AppDev, AppTest, and AppProd accounts. The logs should be stored in an existing Amazon S3 bucket named s3-elb-logs in the central
AWS account. The central account is used for log consolidation only and does not have ELBs deployed. ELB logs must be encrypted at rest.
Which combination of steps should the solutions architect take to build the solution? (Choose two.)

  • A. Update the S3 bucket policy for the s3-elb-logs bucket to allow the s3:PutBucketLogging action for the central AWS account ID.
  • B. Update the S3 bucket policy for the s3-elb-logs bucket to allow the s3:PutObject and s3:DeleteObject actions for the AppDev, AppTest, and AppProd account IDs.
  • C. Update the S3 bucket policy for the s3-elb-logs bucket to allow the s3:PutObject action for the AppDev, AppTest, and AppProd account IDs.
  • D. Enable access logging for the ELBs. Set the S3 location to the s3-elb-logs bucket.
  • E. Enable Amazon S3 default encryption using server-side encryption with S3 managed encryption keys (SSE-S3) for the s3-elb-logs S3 bucket.
Suggested Answer: C
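Added example, not part of the original question or of any comment: a small audit that separates the bucket policy of option C from the broader grants in options A and B. It models the policy as the question words it, with the three account IDs as principals; the account IDs and the `make_policy` helper are constructed for illustration.

```python
import json

BUCKET_ARN = "arn:aws:s3:::s3-elb-logs"
# Constructed 12-digit IDs standing in for AppDev, AppTest and AppProd.
WRITERS = {"111111111111", "222222222222", "333333333333"}
ALLOWED_ACTIONS = {"s3:PutObject"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_accounts(principal):
    """Account IDs named in a Principal element ('*' means anyone)."""
    if principal == "*":
        return {"*"}
    ids = set()
    for arn in _as_list(principal.get("AWS", [])):
        # Accept the bare ID and the arn:aws:iam::ID:root form.
        ids.add(arn.split(":")[4] if arn.startswith("arn:") else arn)
    return ids

def audit(policy_json, writers=WRITERS):
    """Return sorted findings; an empty list means the policy matches option C."""
    findings, covered = [], set()
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        accounts = _principal_accounts(stmt.get("Principal", {}))
        actions = set(_as_list(stmt.get("Action", [])))
        resources = _as_list(stmt.get("Resource", []))
        findings += [f"excess action {a}" for a in actions - ALLOWED_ACTIONS]
        findings += [f"unexpected principal {p}" for p in accounts - writers]
        if any(not r.startswith(BUCKET_ARN + "/") for r in resources):
            findings.append("resource is not limited to objects in s3-elb-logs")
        if "s3:PutObject" in actions:
            covered |= accounts & writers
    findings += [f"no s3:PutObject for {a}" for a in writers - covered]
    return sorted(set(findings))

def make_policy(actions, accounts=WRITERS, resource=BUCKET_ARN + "/*"):
    """Build a constructed single-statement bucket policy for the audit."""
    principals = [f"arn:aws:iam::{a}:root" for a in sorted(accounts)]
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": principals},
        "Action": actions, "Resource": resource}]})

OPTION_C = make_policy(["s3:PutObject"])
OPTION_B = make_policy(["s3:PutObject", "s3:DeleteObject"])

if __name__ == "__main__":
    print("C:", audit(OPTION_C), "B:", audit(OPTION_B))
```

In AWS's documented access-log bucket policy the principal is the Elastic Load Balancing principal for the Region and the source account ID appears in the object path (`AWSLogs/<account-id>/*`), so an audit of a real bucket would match on that path as well.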

Comments

gnic
Highly Voted 2 years, 8 months ago
Selected Answer: C
CE E is for encryption
upvoted 7 times
dubyaF
1 year, 4 months ago
Unfortunately you gave permission but did not send any logs into your bucket. Your existing bucket was already encrypted by default, so this step was not needed. You did not select D so you were not able to point to your bucket that you just gave permission to. You can only point to this bucket when you turn on access logging.
upvoted 1 times
dubyaF
1 year, 4 months ago
Additionally, it will also fail to point to this bucket unless the permissions are there. So C and D are the only 2 that work together in the actual console that I tested when I turned on logging for my ELB to an existing bucket.
upvoted 1 times
...
...
...
WhyIronMan
Most Recent 9 months, 3 weeks ago
Selected Answer: D
CD, ENCRYPTION is enabled by default
upvoted 1 times
...
dubyaF
1 year, 4 months ago
"an existing Amazon S3 bucket" E is not needed on an existing Amazon S3 bucket-- there is no bucket without encryption on now. I just enabled logging on an ELB, I had to add the permissions "C" and I had to enable access logging to point to my existing bucket. I did not have to encrypt my existing bucket as they all are already that way. C and D
upvoted 1 times
...
Rakesh8585
2 years ago
CDE 3 are correct !!! C: For permissions D: enable access logs E: Encryption
upvoted 2 times
dubyaF
1 year, 4 months ago
Yes but E was done before the question because this is an "existing Amazon S3 bucket". I just did this test, I had to do C and D to finish the task. I did not have to do E as it was already that way.
upvoted 1 times
...
...
zozza2023
2 years, 3 months ago
Selected Answer: C
C and E are the answers
upvoted 3 times
...
AjayD123
2 years, 3 months ago
Selected Answer: D
C & D access logging is disabled by default, while S3 encryption is enabled by default with no option to disable hence E is not required.
upvoted 4 times
...
masetromain
2 years, 3 months ago
Selected Answer: C
The solutions architect should take steps C and E to meet the requirements. Step C: Update the S3 bucket policy for the s3-elb-logs bucket to allow the s3:PutObject action for the AppDev, AppTest, and AppProd account IDs. Step E: Enable Amazon S3 default encryption using server-side encryption with S3 managed encryption keys (SSE-S3) for the s3-elb-logs S3 bucket. This will allow the AppDev, AppTest, and AppProd accounts to write log files to the specified S3 bucket and encrypt them at rest.
upvoted 1 times
...
syaldram
2 years, 3 months ago
C and E
upvoted 1 times
...
sjpd10
2 years, 5 months ago
CE The bucket is already owned by 'central' account, so the perms are for the three teams only (Option B) Opt E is the only choice for encryption and works just fine.
upvoted 1 times
sjpd10
2 years, 5 months ago
Sorry, typo. I meant Option C. The 'Delete' option in OptionB is not required.
upvoted 1 times
...
...
fdoxxx
2 years, 6 months ago
Selected Answer: D
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
upvoted 1 times
...
Blair77
2 years, 6 months ago
Selected Answer: E
C & E right
upvoted 1 times
...
sodasu
2 years, 6 months ago
C&E right
upvoted 1 times
...
skywalker
2 years, 6 months ago
Selected Answer: C
CE. Tricky, as there is no Organization involved and thus D is out...
upvoted 1 times
...
AwsBRFan
2 years, 7 months ago
Selected Answer: C
C and E (Choose 2 options). Looks like examtopics made a mistake with this one.
upvoted 3 times
Biden
2 years, 7 months ago
D is also needed in addition to C & E. Just assume D is already enabled, hence C, E.
upvoted 5 times
fdoxxx
2 years, 6 months ago
Biden is right! We would rather assume that (C) is already done: "The central account is used for log consolidation only and does not have ELBs deployed. ELB logs must be encrypted at rest." But for sure we need to fulfill D to have ELB logs collected. I will go for D, E
upvoted 2 times
...
fdoxxx
2 years, 6 months ago
Access logs is an optional feature of Elastic Load Balancing that is disabled by default. After you enable access logs for your load balancer, Elastic Load Balancing captures the logs and stores them in the Amazon S3 bucket that you specify as compressed files. You can disable access logs at any time. - https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
upvoted 2 times
...
...
...