
Answer-first summary for fast verification
Answer: Configure Amazon Route 53 query logging. Set the destination as an Amazon Kinesis Data Firehose delivery stream that is configured to push data to the SIEM system.
To analyze the DNS queries generated by Amazon Workspaces in a cost-effective manner, the best solution is Amazon Route 53 query logging. Route 53 query logging directly captures the DNS queries made by resources within the VPCs, including those made by the Workspaces. Setting the destination of these logs to an Amazon Kinesis Data Firehose delivery stream pushes them efficiently to the SIEM system for analysis, which is more direct and cheaper than the other options.

Option A uses VPC flow logs, which do not capture the DNS queries themselves. Option B uses a CloudWatch agent to log DNS requests, which is neither as straightforward nor as efficient as Route 53 query logging for DNS-specific data. Option C, VPC Traffic Mirroring, is more complex and costly because it copies all network traffic, not just DNS queries, and sends it to SIEM system probes. Option D is therefore the most cost-effective and efficient solution.
Author: LeetQuiz Editorial Team
A real estate company utilizes Amazon Workspaces across seven VPCs, each located in a different AWS Region, to deliver corporate-managed desktop services to its global real estate agents. To comply with a new requirement, the company’s cloud-based SIEM system must analyze DNS queries from the Workspaces to identify the domains accessed by these Workspaces. The SIEM system supports both poll and push methods for data and log collection. What is the most cost-effective solution a network engineer should implement to fulfill these requirements?
A
Create VPC flow logs in each VPC that is connected to the Workspaces instances. Publish the log data to a central Amazon S3 bucket. Configure the SIEM system to poll the S3 bucket periodically.
B
Configure an Amazon CloudWatch agent to log all DNS requests in Amazon CloudWatch Logs. Configure a subscription filter in CloudWatch Logs. Push the logs to the SIEM system by using Amazon Kinesis Data Firehose.
C
Configure VPC Traffic Mirroring to copy network traffic from each Workspace and to send the traffic to the SIEM system probes for analysis.
D
Configure Amazon Route 53 query logging. Set the destination as an Amazon Kinesis Data Firehose delivery stream that is configured to push data to the SIEM system.
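Once the query logs reach the SIEM through the Firehose stream described in option D, the analysis itself is straightforward. The following added example (not part of the original question or explanation) parses a handful of constructed Route 53 Resolver query log records delivered as newline-delimited JSON, groups the queried domains per source Workspace and counts NXDOMAIN responses; the field names (vpc_id, srcaddr, query_name, rcode) follow the Resolver query log layout and are an assumption here, as is treating the pair (vpc_id, srcaddr) as the identity of one Workspace.

```python
from __future__ import annotations
import json
from collections import Counter, defaultdict

# Constructed sample: Route 53 Resolver query log records as the Firehose stream
# would hand them to the SIEM, one JSON object per line. Field names follow the
# Resolver query log layout (an assumption here); all values are made up.
SAMPLE_RECORDS = "\n".join([
    json.dumps({"vpc_id": "vpc-0aaa", "srcaddr": "10.0.1.15", "query_type": "A",
                "query_name": "Intranet.example.com.", "rcode": "NOERROR"}),
    json.dumps({"vpc_id": "vpc-0aaa", "srcaddr": "10.0.1.15", "query_type": "AAAA",
                "query_name": "intranet.example.com.", "rcode": "NOERROR"}),
    json.dumps({"vpc_id": "vpc-0aaa", "srcaddr": "10.0.1.15", "query_type": "A",
                "query_name": "updates.example.net.", "rcode": "NOERROR"}),
    '{"vpc_id": "vpc-0bbb", "truncated":',  # malformed record, must be skipped
    json.dumps({"vpc_id": "vpc-0bbb", "srcaddr": "10.1.2.20", "query_type": "A",
                "query_name": "no-such-host.example.org.", "rcode": "NXDOMAIN"}),
])

def parse_records(ndjson: str) -> list[dict]:
    """Parse newline-delimited JSON, skipping blank and malformed lines."""
    records = []
    for line in ndjson.splitlines():
        try:
            if line.strip():
                records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a real pipeline would count these as parse errors
    return records

def normalise(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot so variants collapse."""
    return name.rstrip(".").lower()

def domains_by_source(records: list[dict]) -> dict[tuple[str, str], set[str]]:
    """Map (vpc_id, srcaddr), i.e. one Workspace, to the set of domains it queried."""
    seen: dict[tuple[str, str], set[str]] = defaultdict(set)
    for r in records:
        name = normalise(r.get("query_name", ""))
        if name:
            seen[(r.get("vpc_id", "?"), r.get("srcaddr", "?"))].add(name)
    return dict(seen)

def nxdomain_counts(records: list[dict]) -> Counter:
    """Count NXDOMAIN answers per domain, a cheap signal of typos or odd lookups."""
    return Counter(normalise(r["query_name"]) for r in records
                   if r.get("rcode") == "NXDOMAIN" and r.get("query_name"))
```

Calling `domains_by_source(parse_records(SAMPLE_RECORDS))` yields the per-Workspace domain sets the SIEM requirement asks for, with the malformed line dropped and the mixed-case duplicate collapsed into one entry.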