AWS Certified Solutions Architect – Associate (SAA-C02) — Question 531
A company is using an Application Load Balancer (ALB) to present its application to the internet. The company finds abnormal traffic access patterns across the application. A solutions architect needs to improve visibility into the infrastructure to help the company understand these abnormalities better.
What is the MOST operationally efficient solution that meets these requirements?
Answer options
- A. Create a table in Amazon Athena for AWS CloudTrail logs. Create a query for the relevant information.
- B. Enable ALB access logging to Amazon S3. Create a table in Amazon Athena, and query the logs.
- C. Enable ALB access logging to Amazon S3. Open each file in a text editor, and search each line for the relevant information.
- D. Use Amazon EMR on a dedicated Amazon EC2 instance to directly query the ALB to acquire traffic access log information.
Correct answer: B
Explanation
Enabling ALB access logging to Amazon S3 and querying the logs with Amazon Athena is the most operationally efficient way to analyze detailed HTTP request traffic. AWS CloudTrail logs do not capture application-level traffic details for individual requests, which makes them unsuitable for this scenario. Manually reviewing files in a text editor is highly inefficient and does not scale, and setting up an Amazon EMR cluster introduces unnecessary operational complexity and cost compared with serverless queries in Athena.