
A real estate company utilizes Amazon WorkSpaces across seven VPCs, each located in a different AWS Region, to deliver corporate-managed desktop services to its global real estate agents. To comply with a new requirement, the company’s cloud-based SIEM system must analyze DNS queries from the WorkSpaces to identify the domains accessed by these WorkSpaces. The SIEM system supports both poll and push methods for data and log collection. What is the most cost-effective solution a network engineer should implement to fulfill these requirements?
A
Create VPC flow logs in each VPC that is connected to the WorkSpaces instances. Publish the log data to a central Amazon S3 bucket. Configure the SIEM system to poll the S3 bucket periodically.
B
Configure an Amazon CloudWatch agent to log all DNS requests in Amazon CloudWatch Logs. Configure a subscription filter in CloudWatch Logs. Push the logs to the SIEM system by using Amazon Kinesis Data Firehose.
C
Configure VPC Traffic Mirroring to copy network traffic from each WorkSpace and to send the traffic to the SIEM system probes for analysis.
D
Configure Amazon Route 53 query logging. Set the destination as an Amazon Kinesis Data Firehose delivery stream that is configured to push data to the SIEM system.