Exam AWS Certified Data Analytics - Specialty topic 1 question 43 discussion

An Amazon Redshift database contains sensitive user data. Logging is necessary to meet compliance requirements. The logs must contain database authentication attempts, connections, and disconnections. The logs must also contain each query run against the database and record which database user ran each query.
Which steps will create the required logs?

  • A. Enable Amazon Redshift Enhanced VPC Routing. Enable VPC Flow Logs to monitor traffic.
  • B. Allow access to the Amazon Redshift database using AWS IAM only. Log access using AWS CloudTrail.
  • C. Enable audit logging for Amazon Redshift using the AWS Management Console or the AWS CLI.
  • D. Enable and download audit reports from AWS Artifact.
Suggested Answer: C

Comments

Prodip
Highly Voted 3 years, 6 months ago
It's C; Enhanced VPC Routing enforces COPY/UNLOAD to use VPC
upvoted 20 times
awssp12345
3 years, 6 months ago
Agreed. Amazon Redshift logs information in the following log files:
  • Connection log — logs authentication attempts, and connections and disconnections.
  • User log — logs information about changes to database user definitions.
  • User activity log — logs each query before it is run on the database.
https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html
upvoted 8 times
Jh2501
3 years, 6 months ago
I am inclined to C. But does anyone know how come B is not right? CloudTrail is supposed to provide the requested service.
upvoted 2 times
jAWStest
3 years, 5 months ago
https://stackify.com/aws-redshift-monitoring-the-complete-guide/ may help with the difference between cloudtrail and db audit logging
upvoted 5 times
lakediver
3 years, 4 months ago
Agree. Further, audit logs can be analysed using Redshift Spectrum: https://aws.amazon.com/blogs/big-data/analyze-database-audit-logs-for-security-and-compliance-using-amazon-redshift-spectrum/
upvoted 2 times
Shraddha
Highly Voted 3 years, 5 months ago
Ans C. A = wrong, enhanced VPC routing means data in/out within VPC. B = wrong, CloudTrail does not log data events, only configuration events. D = wrong, nonsense. This is a textbook question. https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html
upvoted 8 times
pk349
Most Recent 1 year, 11 months ago
C: I passed the test
upvoted 1 times
anjuvinayan
2 years ago
Answer is C.
A. User should connect to VPN first to access Redshift in VPC; in the question there are no details regarding VPN.
B. Only users with AWS access will be able to connect to Redshift.
D. Artifacts is not a solution.
Also, CloudTrail will log only access to the service and not what happened inside the service.
upvoted 2 times
cloudlearnerhere
2 years, 5 months ago
Selected Answer: C
Correct answer is C as Redshift Audit Logging can provide the required information.
Audit logging is not enabled by default in Amazon Redshift. When you enable logging on your cluster, Amazon Redshift creates and uploads logs to Amazon S3 that capture data from the time audit logging is enabled to the present time. Each logging update is a continuation of the information that was already logged.
The connection log, user log, and user activity log are enabled together by using the AWS Management Console, the Amazon Redshift API Reference, or the AWS Command Line Interface (AWS CLI).
Amazon Redshift logs information in the following log files:
  • Connection log — logs authentication attempts, and connections and disconnections.
  • User log — logs information about changes to database user definitions.
  • User activity log — logs each query before it is run on the database.
upvoted 3 times
cloudlearnerhere
2 years, 5 months ago
Option A is wrong as Redshift Enhanced VPC Routing supports the use of standard VPC features such as VPC Endpoints, security groups, network ACLs, managed NAT and internet gateways, enabling you to tightly manage the flow of data between your Amazon Redshift cluster and all of your data sources. Option D is wrong as AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements.
upvoted 1 times
cloudlearnerhere
2 years, 5 months ago
Option B is wrong as Amazon Redshift is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Amazon Redshift. CloudTrail captures all API calls for Amazon Redshift as events. These include calls from the Amazon Redshift console and from code calls to the Amazon Redshift API operations. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Amazon Redshift. If you don't configure a trail, you can still view the most recent events in the CloudTrail console in Event history. Using the information collected by CloudTrail, you can determine certain details. These include the request that was made to Amazon Redshift, the IP address it was made from, who made it, when it was made, and other information.
upvoted 1 times
Arka_01
2 years, 7 months ago
Selected Answer: C
It can be done by enabling Audit Logging of Redshift.
upvoted 1 times
rocky48
2 years, 9 months ago
Selected Answer: C
Selected Answer: C
upvoted 1 times
MWL
2 years, 11 months ago
Selected Answer: C
This is what the Redshift audit log does.
upvoted 1 times
jrheen
2 years, 11 months ago
Answer - A , Enhanced Routing
upvoted 1 times
Teraxs
2 years, 12 months ago
Selected Answer: C
as discussed by others
upvoted 1 times
aws2019
3 years, 5 months ago
Ans is C
upvoted 1 times
DerekKey
3 years, 5 months ago
Correct: C. Amazon Redshift logs information in the following log files:
  • Connection log — logs authentication attempts, and connections and disconnections.
  • User log — logs information about changes to database user definitions.
  • User activity log — logs each query before it is run on the database.
The connection log, user log, and user activity log are enabled together by using the AWS Management Console, the Amazon Redshift API Reference, or the AWS Command Line Interface (AWS CLI). https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html
upvoted 3 times
lostsoul07
3 years, 5 months ago
C is the right answer
upvoted 2 times
mbaexam
3 years, 6 months ago
C for sure: https://aws.amazon.com/premiumsupport/knowledge-center/logs-redshift-database-cluster/
upvoted 1 times
BillyC
3 years, 6 months ago
C is correct
upvoted 1 times
syu31svc
3 years, 6 months ago
Link provided confirms C as the answer
upvoted 1 times
Woong
3 years, 6 months ago
The connection log, user log, and user activity log are enabled together by using the AWS Management Console, the Amazon Redshift API Reference, or the AWS Command Line Interface (AWS CLI). Answer is C
upvoted 2 times
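
Added example (not part of the original discussion): once audit logging is enabled, the connection log and user activity log named in the comments above can be checked against the question's two requirements, authentication events and per-user query attribution. The record layouts, the event strings and every sample value below are assumptions constructed for illustration, based on the db-auditing documentation linked in the thread.

```python
import re
from collections import Counter
# Constructed sample records (not real data); field layout is an assumption.
CONNECTION_LOG = """\
authenticated |Mon, 4 Mar 2024 09:15:01:188|10.0.4.17 |51544 |20111 |dev |analyst1 |password |0 |
authentication failure |Mon, 4 Mar 2024 09:16:40:002|10.0.9.33 |40212 |20140 |dev |etl_user |password |0 |
authentication failure |Mon, 4 Mar 2024 09:16:42:517|10.0.9.33 |40214 |20141 |dev |etl_user |password |0 |
disconnecting session |Mon, 4 Mar 2024 09:20:12:900|10.0.4.17 |51544 |20111 |dev |analyst1 |password |311712000 |
"""
USER_ACTIVITY_LOG = """\
'2024-03-04T09:15:05Z UTC [ db=dev user=reporting pid=20098 userid=102 xid=8801 ]' LOG: select count(*) from orders;
'2024-03-04T09:17:44Z UTC [ db=dev user=analyst1 pid=20111 userid=101 xid=8802 ]' LOG: select email, ssn
    from customers where region = 'EU';
"""
CONN_FIELDS = ("event", "recordtime", "remotehost", "remoteport", "pid",
               "dbname", "username", "authmethod")
ACTIVITY_RE = re.compile(
    r"^'(?P<ts>\S+) UTC \[ db=(?P<db>\S+) user=(?P<user>\S+) pid=(?P<pid>\d+) "
    r"userid=(?P<userid>\d+) xid=(?P<xid>\d+) \]' LOG: (?P<query>.*)$")

def parse_connection_log(text):
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]  # fields are space-padded
        if len(parts) >= len(CONN_FIELDS):
            rows.append(dict(zip(CONN_FIELDS, parts)))
    return rows

def parse_user_activity_log(text):
    records = []
    for line in text.splitlines():
        m = ACTIVITY_RE.match(line)
        if m:
            records.append(m.groupdict())
        elif records and line.strip():
            # Statements may span lines: fold continuations into the last record.
            records[-1]["query"] += " " + line.strip()
    return records

def failed_logins(rows):
    # Count authentication failures per (database user, source address).
    return Counter((r["username"], r["remotehost"]) for r in rows
                   if r["event"] == "authentication failure")

def queries_by_user(records):
    out = {}
    for r in records:
        out.setdefault(r["user"], []).append(r["query"])
    return out
```
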