ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Advanced Networking - Specialty ANS-C01 All Questions

View all questions & answers for the AWS Certified Advanced Networking - Specialty ANS-C01 exam
Go to Exam

Exam AWS Certified Advanced Networking - Specialty ANS-C01 topic 1 question 154 discussion

Exam question from Amazon's AWS Certified Advanced Networking - Specialty ANS-C01
Question #: 154
Topic #: 1
[All AWS Certified Advanced Networking - Specialty ANS-C01 Questions]

A company hosts a web application that runs on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The company uses an Amazon CloudFront distribution with the ALB as an origin.

The application recently experienced an attack. In response, the company associated an AWS WAF web ACL with the CloudFront distribution. The company needs to use Amazon Athena to analyze application attacks that AWS WAF detects.

Which solution will meet this requirement?

  • A. Configure the ALB and the EC2 instance subnets to produce VPC flow logs. Configure the VPC flow logs to deliver logs to an Amazon S3 bucket for log analysis.
  • B. Create a trail in AWS CloudTrail to capture data events. Configure the trail to deliver logs to an Amazon S3 bucket for log analysis.
  • C. Configure the AWS WAF web ACL to deliver logs to an Amazon Kinesis Data Firehose delivery stream. Configure the stream to deliver the data to an Amazon S3 bucket for log analysis.
  • D. Turn on access logging for the ALB. Configure the access logs to deliver the logs to an Amazon S3 bucket for log analysis.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Neo00 at July 25, 2023, 7:58 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Neo00
Highly Voted 1 year, 6 months ago
Selected Answer: C
C To send logs to Amazon Kinesis Data Firehose, you send logs from your web ACL to an Amazon Kinesis Data Firehose with a configured storage destination. After you enable logging, AWS WAF delivers logs to your storage destination through the HTTPS endpoint of Kinesis Data Firehose.
upvoted 5 times
JoseCC
1 year, 5 months ago
C Correct. https://aws.amazon.com/blogs/security/trimming-aws-waf-logs-with-amazon-kinesis-firehose-transformations/
upvoted 2 times
...
...
woorkim
Most Recent 1 month, 2 weeks ago
Selected Answer: C
A Kinesis Data Firehose delivery stream is used to receive log records from AWS WAF. An IAM role for the Kinesis Data Firehose delivery stream, with permissions needed to invoke Lambda and write to S3. A Lambda function used to filter out WAF records matching the default action before the records are written to S3. An IAM role for the Lambda function, with the permissions needed to create CloudWatch logs (for troubleshooting). An S3 bucket where the WAF logs will be stored.
upvoted 1 times
...
[Removed]
9 months, 2 weeks ago
The big thing here is that according to the scenario the WAF ist attached to CloudFront, so looking at ALB is "too late" ;) With this being said it can only be C
upvoted 3 times
...
vikasj1in
11 months, 2 weeks ago
Selected Answer: C
Options A and D suggest using VPC flow logs and ALB access logs, respectively. While these logs are valuable for specific purposes (network analysis and access patterns), they do not capture the detailed information about web requests and attacks that are logged by AWS WAF. Option B involves AWS CloudTrail, which is more focused on auditing API calls rather than capturing detailed web request information. Therefore, for analyzing application attacks detected by AWS WAF, configuring AWS WAF logs to be delivered to an Amazon Kinesis Data Firehose stream is the recommended approach.
upvoted 3 times
...
ISSDoksim
1 year, 5 months ago
agreed - C
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago