AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 52
A company hosts an application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company recently experienced a network security breach. A network engineer must collect and analyze logs that include the client IP address, target IP address, target port, and user agent of each user that accesses the application.
What is the MOST operationally efficient solution that meets these requirements?
Answer options
- A. Configure the ALB to store logs in an Amazon S3 bucket. Download the files from Amazon S3, and use a spreadsheet application to analyze the logs.
- B. Configure the ALB to push logs to Amazon Kinesis Data Streams. Use Amazon Kinesis Data Analytics to analyze the logs.
- C. Configure Amazon Kinesis Data Streams to stream data from the ALB to Amazon OpenSearch Service (Amazon Elasticsearch Service). Use search operations in Amazon OpenSearch Service (Amazon Elasticsearch Service) to analyze the data.
- D. Configure the ALB to store logs in an Amazon S3 bucket. Use Amazon Athena to analyze the logs in Amazon S3.
Correct answer: D
Explanation
The correct answer is D. Amazon Athena analyzes the ALB logs directly in Amazon S3, and because Athena is serverless there is no infrastructure to manage. Option A involves manual steps that are less efficient. Option B relies on Kinesis Data Streams and Kinesis Data Analytics, which adds complexity. Option C introduces even more components with OpenSearch, making it less operationally efficient.