AWS Certified Security – Specialty (SCS-C02) — Question 147
A company has decided to move its fleet of Linux-based web server instances to an Amazon EC2 Auto Scaling group. Currently, the instances are static and are launched manually. When an administrator needs to view log files, the administrator uses SSH to establish a connection to the instances and retrieves the logs manually.
The company often needs to query the logs to produce results about application sessions and user issues. The company does not want its new automatically scaling architecture to result in the loss of any log files when instances are scaled in.
Which combination of steps should a security engineer take to meet these requirements MOST cost-effectively? (Choose two.)
Answer options
- A. Configure a cron job on the instances to forward the log files to Amazon S3 periodically.
- B. Configure AWS Glue and Amazon Athena to query the log files.
- C. Configure the Amazon CloudWatch agent on the instances to forward the logs to Amazon CloudWatch Logs.
- D. Configure Amazon CloudWatch Logs Insights to query the log files.
- E. Configure the instances to write the logs to an Amazon Elastic File System (Amazon EFS) volume.
Correct answer: C, D
Explanation
C and D are correct. Configuring the Amazon CloudWatch agent sends the logs to Amazon CloudWatch Logs automatically, so no logs are lost when instances scale in. Amazon CloudWatch Logs Insights then enables efficient querying of those logs without direct access to the instances. Options A and E do not provide the same level of automated log management and querying capabilities in this context.