Exam AWS Certified Security - Specialty topic 1 question 410 discussion

A is correct S3 most cost-effectively https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html Changing the retention period for logs and exporting logs to Amazon S3 By default, CloudWatch Logs stores query logs indefinitely. You can optionally specify a retention period so that CloudWatch Logs deletes logs that are older than the retention period. For more information, see Change log data retention in CloudWatch Logs in the Amazon CloudWatch User Guide. If you want to retain log data but you don't need CloudWatch Logs tools to view and analyze the data, you can export logs to Amazon S3, which can reduce your storage costs.

Answer A is the most cost effective solution for storing the DNS logs.

Option C is incorrect because it is not the most cost-effective solution. Configuring Route 53 to export log data to Amazon CloudWatch Logs and setting the retention period to 1 year will result in charges for storing the logs for the full year, even if the logs are no longer needed. Additionally, there is a charge for the number of ingested log events, and this can add up over time, leading to higher costs. In comparison, options A and B provide a more cost-effective solution by automatically deleting logs that are older than 1 year, reducing the amount of data stored and the associated charges.

general wise words: key word durable is almost always S3 S3 is more cost-effectively than CloudWatch. S3 Lifecycle policies for automatic deletion A 100%

To all those saying C, Every AWS exam question I have ever encountered that mentions cost Expects you to know what the cheapest option is, no other answer will be accepted. This makes me say A.

A, If you want to retain log data but you don't need CloudWatch Logs tools to view and analyze the data, you can export logs to Amazon S3, which can reduce your storage costs https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html

It is A. CloudWatch does cost 10+ times more than s3 You can export dns query logs to either s3 or cloudwatch https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html#query-logs-changing-retention-period

i think A

Answer: A If you want to retain log data but you don't need CloudWatch Logs tools to view and analyze the data, you can export logs to Amazon S3, which can reduce your storage costs. For more information, see Exporting log data to Amazon S3.

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html

DNS query logs can be send directly to S3: https://aws.amazon.com/blogs/aws/log-your-vpc-dns-queries-with-route-53-resolver-query-logs/

Retention period for cloudwatch logs can be till 10 years.. this seems to be the right option

send dns query logs to cloudwatchlog and set retention period to 1year.

Query logs cannot be exported directly to s3. I think A is correct for cost efficiency because it can be exported to s3 with the logs function. But if the answer is A, anything is possible

If you want to retain log data but you don't need CloudWatch Logs tools to view and analyze the data, you can export logs to Amazon S3, which can reduce your storage costs. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html

A > S3 cheaper than cloud watch

I go with A, s3 provides a highly durable storage and MOST cost-effectively https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/S3Export.html