AWS Certified Security – Specialty (SCS-C02) — Question 57

A company used a lift-and-shift approach to migrate from its on-premises data centers to the AWS Cloud. The company migrated on-premises VMs to Amazon EC2 instances. Now the company wants to replace some of the components that are running on the EC2 instances with managed AWS services that provide similar functionality.
Initially, the company will transition from load balancer software that runs on EC2 instances to AWS Elastic Load Balancers. A security engineer must ensure that after this transition, all the load balancer logs are centralized and searchable for auditing. The security engineer must also ensure that metrics are generated to show which ciphers are in use.
Which solution will meet these requirements?

Answer options

Correct answer: C

Explanation

Option C is correct because it uses Amazon S3 for log storage and Amazon Athena for searching logs, allowing for flexible querying, and it also includes publishing metrics to Amazon CloudWatch, which is essential for monitoring cipher usage. Option A is incorrect as it does not utilize Amazon Athena for log searching, limiting its capabilities. Option B lacks the metric publishing aspect, making it less effective for auditing and monitoring purposes. Option D, while similar to C, uses the AWS Management Console for log searching, which is less efficient than using Athena.