AWS Certified Security – Specialty (SCS-C02) — Question 235

A company needs to analyze access logs for an Application Load Balancer (ALB). The ALB directs traffic to the company’s online login portal. The company needs to use visualizations to identify login attempts by bots from a list of known IP sources.

Which solution will meet these requirements?

Answer options

• A. Configure the ALB to send logs directly to Amazon CloudWatch Logs. Analyze and visualize the logs by using CloudWatch Logs Insights.
• B. Configure the ALB to send logs directly to Amazon Redshift. Analyze the logs by using SQL queries. Visualize the logs by using custom reports.
• C. Configure the ALB to send logs directly to Amazon OpenSearch Service. Analyze the logs by using OpenSearch dashboards. Visualize the logs by using custom OpenSearch dashboards.
• D. Configure the ALB to send logs directly to an Amazon S3 bucket. Analyze the logs by using Amazon Athena. Visualize the logs by using Amazon QuickSight.

Correct answer: D

Explanation

The correct choice is D because sending logs to an Amazon S3 bucket allows for flexible storage and retrieval, enabling analysis with Amazon Athena and visualization through Amazon QuickSight. Options A, B, and C involve services that are not as suitable for the specific requirements of analyzing and visualizing logs from an ALB in the context of identifying bot login attempts.