ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 12 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 12
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

An international company has established a new business entity in South Korea. The company also has established a new AWS account to contain the workload for the South Korean region. The company has set up the workload in the new account in the ap-northeast-2 Region. The workload consists of three Auto Scaling groups of Amazon EC2 instances. All workloads that operate in this Region must keep system logs and application logs for 7 years.
A security engineer must implement a solution to ensure that no logging data is lost for each instance during scaling activities. The solution also must keep the logs for only the required period of 7 years.
Which combination of steps should the security engineer take to meet these requirements? (Choose three.)

  • A. Ensure that the Amazon CloudWatch agent is installed on all the EC2 instances that the Auto Scaling groups launch. Generate a CloudWatch agent configuration file to forward the required logs to Amazon CloudWatch Logs.
  • B. Set the log retention for desired log groups to 7 years.
  • C. Attach an IAM role to the launch configuration or launch template that the Auto Scaling groups use. Configure the role to provide the necessary permissions to forward logs to Amazon CloudWatch Logs.
  • D. Attach an IAM role to the launch configuration or launch template that the Auto Scaling groups use. Configure the role to provide the necessary permissions to forward logs to Amazon S3.
  • E. Ensure that a log forwarding application is installed on all the EC2 instances that the Auto Scaling groups launch. Configure the log forwarding application to periodically bundle the logs and forward the logs to Amazon S3.
  • F. Configure an Amazon S3 Lifecycle policy on the target S3 bucket to expire objects after 7 years.
Show Suggested Answer Hide Answer
Suggested Answer: ABC 🗳️
by aragon_saa at Oct. 4, 2023, 1:10 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
FunkyFresco
6 months, 2 weeks ago
Selected Answer: ABC
ABC adjust more to the question. No need of external applications to send logs.
upvoted 2 times
...
nischal77777
6 months, 3 weeks ago
ABC IS CORRECT OPTION
upvoted 1 times
...
liuyomz
10 months, 1 week ago
Selected Answer: ABC
ABC is the most straighfoward and elegant solution here
upvoted 1 times
...
Raphaello
1 year ago
Selected Answer: ABC
ABC. EC2 (with a role allowing sending events) >> CloudWatch agent >> CloudWatch Logs >> CloudWatch Logs retention period
upvoted 2 times
...
Daniel76
1 year, 3 months ago
Selected Answer: ACF
As the log data for 7 years will be expensive, use AWS S3 Lifecycle Management to transfer data to lower cost storage class will be more cost effective solution. https://medium.com/avmconsulting-blog/aws-s3-lifecycle-management-1ed2f67c3b73
upvoted 3 times
mav3r1ck
1 year, 2 months ago
I would go for ACF if the asked is "COST-EFFECTIVE" solution. But leaning to ABF, as Cloudwatch logs support up to 10yrs of retention as well. Feel free to disagree if you think I'm wrong. https://docs.aws.amazon.com/managedservices/latest/userguide/log-customize-retention.html
upvoted 4 times
Daniel76
1 year, 2 months ago
Agree it should not be ACF but ABC. ACF does not explain how cloudwatch log end s up in s3. (seems that it requires a lambda function to automate) In fact, if S3 is the chosen path then it can only be DEF for consistency. But this combination assume that s3 bucket policy has been configured and the log forwarding application configured can reliably send all logs data without losing any.
upvoted 4 times
...
...
...
Karamen
1 year, 4 months ago
ABC there isn't good option to forwarding log from EC2 to S3 bucket.
upvoted 4 times
...
lalee2
1 year, 4 months ago
Selected Answer: ABC
CloudWatch agent -> CloudWatch Logs, IAM role to launch template -> CloudWatch Logs
upvoted 1 times
...
pupsik
1 year, 4 months ago
Selected Answer: ABC
ABC it is.
upvoted 2 times
...
KR693
1 year, 4 months ago
A, B and C
upvoted 1 times
...
100fold
1 year, 4 months ago
Selected Answer: ABC
Answer ABC
upvoted 1 times
...
aragon_saa
1 year, 5 months ago
https://www.examtopics.com/discussions/amazon/view/89514-exam-aws-certified-security-specialty-topic-1-question-451/
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago