Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 125 discussion

An Amazon EC2 Auto Scaling group launches Amazon Linux EC2 instances and installs the Amazon CloudWatch agent to publish logs to Amazon CloudWatch Logs. The EC2 instances launch with an IAM role that has an IAM policy attached. The policy provides access to publish custom metrics to CloudWatch. The EC2 instances run in a private subnet inside a VPC. The VPC provides access to the internet for private subnets through a NAT gateway.

A security engineer notices that no logs are being published to CloudWatch Logs for the EC2 instances that the Auto Scaling group launches. The security engineer validates that the CloudWatch Logs agent is running and is configured properly on the EC2 instances. In addition, the security engineer validates that network communications are working properly to AWS services.

What can the security engineer do to ensure that the logs are published to CloudWatch Logs?

  • A. Configure the IAM policy in use by the IAM role to have access to the required cloudwatch: API actions that will publish logs.
  • B. Adjust the Amazon EC2 Auto Scaling service-linked role to have permissions to write to CloudWatch Logs.
  • C. Configure the IAM policy in use by the IAM role to have access to the required AWS logs: API actions that will publish logs.
  • D. Add an interface VPC endpoint to provide a route to CloudWatch Logs.
Suggested Answer: A
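As an added example (not part of the question or of any comment), a small check that reports which of the CloudWatch agent's log-publishing actions an instance-role policy fails to allow. Both policy documents are constructed for the example; the action names are the ones the agent uses to create a log group and stream and put events, all under the `logs:` service prefix (the `cloudwatch:` prefix covers metrics only).

```python
import fnmatch
import json

# Constructed sample: the role policy from the scenario, which only lets the
# instance publish custom metrics (cloudwatch:PutMetricData).
METRICS_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "cloudwatch:PutMetricData",
                   "Resource": "*"}],
})
# Constructed sample: the same policy with the CloudWatch Logs actions added.
METRICS_AND_LOGS_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "cloudwatch:PutMetricData", "Resource": "*"},
        {"Effect": "Allow", "Resource": "arn:aws:logs:*:*:*",
         "Action": ["logs:CreateLogGroup", "logs:CreateLogStream",
                    "logs:DescribeLogStreams", "logs:PutLogEvents"]},
    ],
})

# Actions the CloudWatch agent calls to ship a log file; all of them are under
# the "logs:" service prefix, not "cloudwatch:" (which covers metrics).
AGENT_LOG_ACTIONS = ("logs:CreateLogGroup", "logs:CreateLogStream",
                     "logs:DescribeLogStreams", "logs:PutLogEvents")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy_json, action):
    """True if the identity policy allows `action`.
    Handles string-or-list Action fields, IAM wildcards ("logs:*",
    "logs:Put*"), case-insensitive matching and explicit Deny overriding
    Allow. Resource and Condition elements are not evaluated."""
    allowed = False
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        for pattern in _as_list(stmt.get("Action", [])):
            if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed

def missing_log_actions(policy_json):
    """Return the agent's log-publishing actions the policy does not allow."""
    return [a for a in AGENT_LOG_ACTIONS if not is_allowed(policy_json, a)]

if __name__ == "__main__":
    print(missing_log_actions(METRICS_ONLY_POLICY), missing_log_actions(METRICS_AND_LOGS_POLICY))
```

Run it against the policy document attached to the instance role (for example the output of `aws iam get-policy-version`) to see at a glance whether the role can write to CloudWatch Logs or only to CloudWatch metrics.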

Comments

Lingo43
1 month ago
Selected Answer: C
The scenario describes that the CloudWatch agent is running, the network is working, and the IAM role already has permissions to publish custom metrics. This suggests that the issue lies in the IAM permissions related specifically to publishing logs. The CloudWatch Logs agent needs permissions to interact with the CloudWatch Logs service, which is governed by the logs: API actions.
upvoted 1 times
xTrayusx
2 months ago
Selected Answer: C
C, it's logs:* actions
upvoted 1 times
helloworldabc
2 weeks, 4 days ago
just A
upvoted 1 times
navid1365
2 months, 1 week ago
Selected Answer: A
A is correct.
upvoted 1 times
1923
2 months, 2 weeks ago
ChatGPT says "D"
upvoted 1 times
aescudero51
3 months, 4 weeks ago
Selected Answer: A
My answer is A https://docs.aws.amazon.com/aws-managed-policy/latest/reference/CloudWatchFullAccess.html
upvoted 1 times
Certified101
4 months, 2 weeks ago
Selected Answer: A
Must be A - it states that the networking is fine in this scenario.
upvoted 1 times
Zek
4 months, 3 weeks ago
A. The problem is with the EC2 instance not being able to publish logs from the CloudWatch agent running on the instance, and not really to do with the Auto Scaling service role. The Auto Scaling service role will instead require the following: create, describe, modify, and delete CloudWatch alarms for scaling policies and retrieve metrics used for predictive scaling. https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-service-linked-role.html#service-linked-role-permissions
upvoted 2 times
danish1234
4 months, 3 weeks ago
Selected Answer: A
A is the answer. Have to check the IAM roles used by EC2.
upvoted 2 times
krishnavamshireddy
4 months, 4 weeks ago
Answer is D
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other