AWS Certified Security – Specialty — Question 436
A company has a large number of Amazon S3 buckets and a large number of objects in each S3 bucket. The company's security team wants to analyze the access patterns for the objects and buckets. These patterns include the most frequently accessed buckets and objects, the largest 100 objects downloaded, and the objects with the longest download time from public IP addresses.
The security team wants to view this information in a dashboard that is based on predetermined simple SQL queries.
Which combination of AWS services and features should a security engineer use to provide and display the information to the security team? (Choose three.)
Answer options
- A. Amazon CloudWatch Logs Insights
- B. Amazon S3 server access logs
- C. Amazon CloudWatch Logs
- D. Amazon GuardDuty
- E. Amazon QuickSight
- F. Amazon Athena
Correct answer: B, E, F
Explanation
Amazon S3 server access logs provide comprehensive records of requests, including data sizes and processing times needed for the analysis. Amazon Athena enables the execution of standard SQL queries directly on these log files stored in S3, while Amazon QuickSight integrates seamlessly with Athena to visualize the query results in a dashboard. Other options like CloudWatch Logs and GuardDuty do not support the required SQL-based querying and dashboarding capabilities for S3 access logs.
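Added example (not part of the original question or of any AWS-provided material): Athena queries for the three access patterns the question names, of the kind a QuickSight dataset could be built on. The table name s3_access_logs_db.bucket_logs is hypothetical, the column names and types are assumed to follow the table layout AWS documents for querying server access logs, and the private-address filter is a simple IPv4 approximation.

```sql
-- Assumed: s3_access_logs_db.bucket_logs (hypothetical name) is an Athena table
-- defined over the prefix where S3 server access logs are delivered.
-- Assumed column types: httpstatus and totaltime are strings, objectsize and
-- bytessent are bigint. Adjust the casts if your table definition differs.

-- 1. Most frequently accessed objects (drop "key" from SELECT and GROUP BY
--    to rank buckets instead).
SELECT bucket_name, key, COUNT(*) AS requests
FROM s3_access_logs_db.bucket_logs
WHERE operation = 'REST.GET.OBJECT'
  AND httpstatus IN ('200', '206')        -- successful full or ranged downloads
GROUP BY bucket_name, key
ORDER BY requests DESC
LIMIT 50;

-- 2. Largest 100 objects downloaded.
SELECT bucket_name, key,
       MAX(objectsize) AS object_bytes,
       COUNT(*)        AS downloads
FROM s3_access_logs_db.bucket_logs
WHERE operation = 'REST.GET.OBJECT'
  AND httpstatus IN ('200', '206')
GROUP BY bucket_name, key
ORDER BY object_bytes DESC
LIMIT 100;

-- 3. Longest download times from public IP addresses.
--    totaltime is the request duration in milliseconds as recorded by S3.
--    The regex excludes RFC 1918 and loopback IPv4 ranges only.
SELECT bucket_name, key, remoteip, requestdatetime, bytessent,
       TRY_CAST(totaltime AS bigint) AS total_ms
FROM s3_access_logs_db.bucket_logs
WHERE operation = 'REST.GET.OBJECT'
  AND remoteip <> '-'
  AND NOT regexp_like(remoteip,
        '^(10\.|127\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)')
ORDER BY total_ms DESC NULLS LAST
LIMIT 100;
```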