ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 197 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 197
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A company is storing sensitive data in an Amazon S3 bucket. The company must log all activities for objects in the S3 bucket and must keep the logs for 5 years. The company's security team also must receive an email notification every time there is an attempt to delete data in the S3 bucket.

Which combination of steps will meet these requirements MOST cost-effectively? (Choose three.)

  • A. Configure AWS CloudTrail to log S3 data events.
  • B. Configure S3 server access logging for the S3 bucket.
  • C. Configure Amazon S3 to send object deletion events to Amazon Simple Email Service (Amazon SES).
  • D. Configure Amazon S3 to send object deletion events to an Amazon EventBridge event bus that publishes to an Amazon Simple Notification Service (Amazon SNS) topic.
  • E. Configure Amazon S3 to send the logs to Amazon Timestream with data storage tiering.
  • F. Configure a new S3 bucket to store the logs with an S3 Lifecycle policy.
Show Suggested Answer Hide Answer
Suggested Answer: ADF 🗳️
by Masonyeoh at May 27, 2023, 5:20 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
cmoreira
Highly Voted 1 year, 5 months ago
Selected Answer: ADF
ADF A or B work, but docs recomment cloud trail: https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html
upvoted 11 times
...
kaby1987
Highly Voted 1 year, 1 month ago
Selected Answer: ADF
ADF are correct choices.
upvoted 7 times
...
altonh
Most Recent 2 weeks, 1 day ago
Selected Answer: BDF
BDF flows well. ADF, however, does not provide details on how you will store the logs in the new S3 bucket.
upvoted 1 times
...
HSong
4 months, 4 weeks ago
"We recommend that you use CloudTrail for logging bucket-level and object-level actions for your Amazon S3 resources."
upvoted 3 times
...
dragongoseki
7 months, 2 weeks ago
Selected Answer: ADE
ADFis right answer.
upvoted 1 times
...
Helpnosense
7 months, 2 weeks ago
Selected Answer: BDF
Both A and B can log s3 activities. Difference is A real time log but cost more. B log has delay but cheaper. The requirement is the most cost-effective so choose B to meet this requirement.
upvoted 4 times
...
seetpt
9 months, 1 week ago
Selected Answer: ADF
ADF logs everything, BDF doesnt.
upvoted 3 times
...
titi_r
10 months, 1 week ago
Selected Answer: BDF
BDF meet the requirements.
upvoted 3 times
...
liquen14
11 months ago
Selected Answer: ADF
Probably B is cheaper but A is safer and more accurate and remember the "The company must log ALL activities for objects" According to this https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html#LogDeliveryBestEffort "The log record for a particular request might be delivered long after the request was actually processed, or it might not be delivered at all. " so for me is A not B
upvoted 5 times
...
Russs99
11 months, 3 weeks ago
Selected Answer: BDF
Given the requirement to log all activities for objects in an S3 bucket and keep logs for 5 years, combined with a focus on cost-effectiveness, S3 server access logging (Option B) would indeed be a cheaper solution for capturing basic access logs. However, for advanced auditing and compliance requirements where detailed API call tracking is needed, CloudTrail's data event logging provides valuable insights that S3 access logs do not.
upvoted 4 times
...
ninomfr64
1 year ago
Selected Answer: BDF
B is cheaper than A AWS CloudTrail (A) - Management events (first delivery) are free; data events incur a fee, in addition to storage of logs S3 Server Logs (B) - No other cost in addition to storage of logs https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html#:~:text=S3%20Server%20Logs-,Price,-Management%20events%20(first
upvoted 1 times
...
gagol14
1 year ago
Selected Answer: ADF
For capturing object-level events, such as object deletions, you would typically use Amazon S3 Event Notifications or enable AWS CloudTrail data events for S3.
upvoted 4 times
...
Jane1234YIP
1 year ago
S3 server access logging does not capture object-level events like object deletions. so I will go ADF.
upvoted 3 times
cox1960
1 year ago
wrong. check "operation" in https://docs.aws.amazon.com/AmazonS3/latest/userguide/LogFormat.html BDF
upvoted 5 times
...
...
adelynllllllllll
1 year, 1 month ago
BDF Because it asked for cost-effective.
upvoted 1 times
...
mosalahs
1 year, 1 month ago
Selected Answer: BDF
B is better than A because S3 server logs -- > Cost efficient and get more log information (Lifecycle, Authentication info) Link: https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html
upvoted 2 times
...
tuh22
1 year, 1 month ago
Selected Answer: BDF
My Choice
upvoted 1 times
...
heatblur
1 year, 2 months ago
ADF are correct choices. Using server access logging provides basic access logs for requests made to the S3 bucket, but it is not as comprehensive for auditing purposes as CloudTrail and can result in a large volume of data, increasing costs.
upvoted 3 times
ninomfr64
1 year ago
S3 Server Access log is cheaper as you only pay for the storage of logs, while CloudTrail Data Event incur into additional cost + storage of logs. https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html S3 Server Access log - You can use server access logs for the following purposes: Performing security and access audits Learning about your customer base Understanding your Amazon S3 bill https://docs.aws.amazon.com/AmazonS3/latest/userguide/LogFormat.html
upvoted 1 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago