AWS Certified Security - Specialty
Get started today
Ultimate access to all questions.
A company operates a web application on an Apache web server hosted on Amazon EC2 instances within an Auto Scaling group. These EC2 instances are configured to forward Apache web server logs to an Amazon CloudWatch Logs group, which is set to automatically expire after one year. Recently, the company identified suspicious activities in the logs, specifically a series of requests from a particular IP address. A security engineer has been tasked with analyzing the logs from the past week to ascertain the volume of requests from this IP address and to identify the URLs that were accessed. What is the most efficient method for the security engineer to conduct this analysis?
A company operates a web application on an Apache web server hosted on Amazon EC2 instances within an Auto Scaling group. These EC2 instances are configured to forward Apache web server logs to an Amazon CloudWatch Logs group, which is set to automatically expire after one year. Recently, the company identified suspicious activities in the logs, specifically a series of requests from a particular IP address. A security engineer has been tasked with analyzing the logs from the past week to ascertain the volume of requests from this IP address and to identify the URLs that were accessed. What is the most efficient method for the security engineer to conduct this analysis?
Explanation:
The correct answer is C: Use CloudWatch Logs Insights and a custom query syntax to analyze the CloudWatch logs for the specific IP address and the requested URLs. CloudWatch Logs Insights is specifically designed for querying and analyzing logs stored in CloudWatch Logs. It provides a powerful query language that allows for filtering and analysis of log data with minimal effort. This method is efficient because it avoids the need to export data to other services and directly leverages the logs stored in CloudWatch. Additionally, AWS documentation supports using CloudWatch Logs Insights for such tasks, as seen in various query examples provided for analyzing Apache server logs.