AWS Certified Security - Specialty
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A company has successfully migrated its on-premises virtual machines (VMs) to Amazon EC2 instances using a lift-and-shift approach. As part of their cloud optimization strategy, they intend to replace their existing load balancer software, which runs on EC2 instances, with AWS Elastic Load Balancers. To facilitate this transition, the security engineer is tasked with ensuring that all load balancer logs are centralized and searchable for auditing purposes. Additionally, the engineer must ensure that metrics are generated to monitor the ciphers in use. Which solution will effectively meet these logging and monitoring requirements?
Explanation:
The most suitable solution is option B: 'Create an Amazon S3 bucket. Configure the load balancers to send logs to the S3 bucket. Use Amazon Athena to search the logs that are in the S3 bucket. Create Amazon CloudWatch filters on the S3 log files for the required metrics.' This approach allows for centralized storage of the logs in an S3 bucket. Amazon Athena provides a powerful and flexible way to query these logs, ensuring they are searchable. Furthermore, by creating CloudWatch filters on the S3 log files, the necessary metrics can be monitored. This method is comprehensive and leverages AWS managed services effectively for logging and monitoring.