Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 217 discussion

A security engineer needs to analyze Apache web server access logs that are stored in an Amazon S3 bucket. Amazon EC2 instance web servers generated the logs. The EC2 instances have the Amazon CloudWatch agent installed and configured to report their access logs.

The security engineer needs to use a query in Amazon Athena to analyze the logs. The query must identify IP addresses that have attempted and failed to access restricted web server content held at the /admin URL path. The query also must identify the URLs that the IP addresses attempted to access.

Which query will meet these requirements?

  • A. SELECT client_ip, client_request FROM logs WHERE client_request LIKE '%/admin%' AND server_status = '403'
  • B. SELECT client_ip FROM logs WHERE client_request CONTAINS '%/admin%' AND server_status = '401' GROUP BY client_ip
  • C. SELECT DISTINCT (client_ip), client_request, client_id FROM logs WHERE server_status = '403' LIMIT 1000
  • D. SELECT DISTINCT (client_ip), client_request FROM logs WHERE user_id <> 'admin' AND server_status = '401'
Suggested Answer: A

Comments

IPLogic
4 months, 2 weeks ago
Selected Answer: A
A. SELECT client_ip, client_request FROM logs WHERE client_request LIKE '%/admin%' AND server_status = '403'

  • client_ip: This field identifies the IP addresses that attempted to access the restricted content.
  • client_request: This field shows the URLs that the IP addresses attempted to access.
  • LIKE '%/admin%': This condition filters the requests to those targeting the /admin URL path.
  • server_status = '403': This condition ensures that only failed access attempts (HTTP 403 Forbidden status) are included in the results.

This query will help the security engineer identify both the IP addresses and the specific URLs they attempted to access, which is crucial for analyzing unauthorized access attempts.
upvoted 2 times
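
Option A run next to option C's status-only filter, as an added example that is not part of the original question or the comment above. An in-memory SQLite table stands in for the Athena table; the all-text `logs` schema and the sample rows are constructed assumptions.

```python
import sqlite3

# Constructed sample rows (documentation-range IPs); not data from the page.
# Columns: client_ip, client_id, user_id, client_request, server_status
ROWS = [
    ("203.0.113.10", "-", "-", "GET /admin/users HTTP/1.1", "403"),
    ("203.0.113.10", "-", "-", "GET /admin/config.php HTTP/1.1", "403"),
    ("198.51.100.7", "-", "admin", "GET /admin HTTP/1.1", "200"),
    ("198.51.100.23", "-", "-", "GET /reports/q3.pdf HTTP/1.1", "403"),
    ("192.0.2.44", "-", "-", "GET /index.html HTTP/1.1", "200"),
]

# Query text taken from the answer options (straight quotes).
QUERIES = {
    "A": "SELECT client_ip, client_request FROM logs "
         "WHERE client_request LIKE '%/admin%' AND server_status = '403'",
    "C": "SELECT DISTINCT (client_ip), client_request, client_id FROM logs "
         "WHERE server_status = '403' LIMIT 1000",
}


def build_db():
    """Create the stand-in logs table (assumed schema) and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE logs (client_ip TEXT, client_id TEXT, user_id TEXT, "
        "client_request TEXT, server_status TEXT)"
    )
    conn.executemany("INSERT INTO logs VALUES (?, ?, ?, ?, ?)", ROWS)
    return conn


def run_option(conn, option):
    """Run one answer option and return its rows in a stable order."""
    return sorted(conn.execute(QUERIES[option]).fetchall())


if __name__ == "__main__":
    conn = build_db()
    for option in QUERIES:
        print(f"Option {option}:")
        for row in run_option(conn, option):
            print("   ", row)
```

On this data, option A returns only the two denied /admin requests with their URLs, while option C also returns the denied /reports request because it never filters on the path.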
Community vote distribution: A (35%, Most Voted), C (25%), B (20%), Other