AWS Certified Security – Specialty — Question 42
A Software Engineer wrote a customized reporting service that will run on a fleet of Amazon EC2 instances. The company security policy states that application logs for the reporting service must be centrally collected.
What is the MOST efficient way to meet these requirements?
Answer options
- A. Write an AWS Lambda function that logs into the EC2 instance to pull the application logs from the EC2 instance and persists them into an Amazon S3 bucket.
- B. Enable AWS CloudTrail logging for the AWS account, create a new Amazon S3 bucket, and then configure Amazon CloudWatch Logs to receive the application logs from CloudTrail.
- C. Create a simple cron job on the EC2 instances that synchronizes the application logs to an Amazon S3 bucket by using rsync.
- D. Install the Amazon CloudWatch Logs Agent on the EC2 instances, and configure it to send the application logs to CloudWatch Logs.
Correct answer: D
Explanation
The correct answer is D because installing the Amazon CloudWatch Logs Agent on the EC2 instances transmits application logs directly and efficiently to CloudWatch Logs, giving centralized log management with no extra moving parts. Options A and C add components that must be built and maintained, such as a Lambda function that logs into instances or a cron job running rsync, which is less efficient. Option B relies on CloudTrail, which records AWS API activity rather than application output, so it cannot deliver the reporting service's logs.
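What option D looks like in practice, as an added example that is not part of the original question: the legacy CloudWatch Logs Agent named in the option has been superseded by the unified Amazon CloudWatch agent, so the script below writes a unified-agent configuration that tails the reporting service's log file, writes the least-privilege IAM policy the instance role needs, and loads the configuration into the agent. The log file path, log group name, config file locations and the 90-day retention are assumptions chosen for illustration; the agent binary path and the `{instance_id}` placeholder are the agent's own.

```shell
#!/bin/sh
# Added example: ship an application log to CloudWatch Logs with the unified
# Amazon CloudWatch agent. Paths and names below are assumptions.

APP_LOG="${APP_LOG:-/var/log/reporting/reporting.log}"    # assumed app log path
LOG_GROUP="${LOG_GROUP:-/reporting-service/application}"  # assumed log group name
AGENT_CONF="${AGENT_CONF:-/opt/aws/amazon-cloudwatch-agent/etc/reporting-logs.json}"

# Write the agent's JSON configuration. The agent expands {instance_id} itself,
# so every instance in the fleet gets its own stream inside the shared group.
write_cwagent_config() {
  out="$1"; log_file="$2"; group="$3"
  cat > "$out" <<EOF
{
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "$log_file",
            "log_group_name": "$group",
            "log_stream_name": "{instance_id}",
            "timezone": "UTC",
            "retention_in_days": 90
          }
        ]
      }
    }
  }
}
EOF
}

# Least-privilege IAM policy for the EC2 instance role: the agent only needs to
# create the group/stream and put events. Attaching it to the instance profile
# means no long-lived access keys are stored on the instance.
write_agent_iam_policy() {
  cat > "$1" <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:DescribeLogStreams",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:log-group:/reporting-service/*"
    }
  ]
}
EOF
}

# Sanity check before loading: the config must name the expected log file.
check_config() {
  grep -q "\"file_path\": \"$2\"" "$1"
}

# Load the config into the agent and start it (run on the instance itself).
start_agent() {
  sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl \
    -a fetch-config -m ec2 -s -c "file:$1"
}

# Usage on an instance: sh ship-logs.sh apply
if [ "${1:-}" = "apply" ]; then
  write_cwagent_config "$AGENT_CONF" "$APP_LOG" "$LOG_GROUP"
  check_config "$AGENT_CONF" "$APP_LOG" || { echo "bad agent config" >&2; exit 1; }
  start_agent "$AGENT_CONF"
fi
```

Once the agent is running, the log group is the single place to search, alarm on and retain the reporting service's logs; the instance role's policy is scoped to that group's ARN prefix so a compromised instance cannot write into or read other log groups.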