AWS Certified Data Analytics – Specialty — Question 46
An Amazon Redshift database contains sensitive user data. Logging is necessary to meet compliance requirements. The logs must contain database authentication attempts, connections, and disconnections. The logs must also contain each query run against the database and record which database user ran each query.
Which steps will create the required logs?
Answer options
- A. Enable Amazon Redshift Enhanced VPC Routing. Enable VPC Flow Logs to monitor traffic.
- B. Allow access to the Amazon Redshift database using AWS IAM only. Log access using AWS CloudTrail.
- C. Enable audit logging for Amazon Redshift using the AWS Management Console or the AWS CLI.
- D. Enable and download audit reports from AWS Artifact.
Correct answer: C
Explanation
The correct answer is C because enabling audit logging for Amazon Redshift directly captures the required authentication attempts, connections, disconnections, and queries, along with the database user who ran each query. Option A focuses on network traffic monitoring, which does not provide the specific log details required. Option B involves using AWS IAM and CloudTrail, but does not specifically address the need for detailed query logging. Option D pertains to obtaining reports from AWS Artifact, which is not relevant for real-time logging requirements.