AWS Certified Security - Specialty


A company has identified security issues related to specific hosts and host header combinations that have impacted their business operations. To address these issues, they have implemented AWS WAF web ACLs and now require a log analysis solution to monitor and analyze AWS WAF logs centrally. The solution must enable the filtering of requests by specific hosts. A security engineer has initiated the process of enabling access logging for the AWS WAF web ACLs. What is the next step the security engineer should take to achieve this log analysis with the highest operational efficiency?




Explanation:

The correct answer is B. Specifying Amazon CloudWatch as the destination for the access logs and using Amazon CloudWatch Logs Insights to design a query to filter the logs by host is the most operationally efficient approach. This option allows you to directly utilize CloudWatch Logs Insights without the need for additional data transfers or configurations, making it simpler and quicker to implement. While other options might also work, they involve more steps and added complexity, reducing overall operational efficiency.