AWS Certified Solutions Architect – Associate (SAA-C03) — Question 218
A company’s security team requests that network traffic be captured in VPC Flow Logs. The logs will be frequently accessed for 90 days and then accessed intermittently.
What should a solutions architect do to meet these requirements when configuring the logs?
Answer options
- A. Use Amazon CloudWatch as the target. Set the CloudWatch log group with an expiration of 90 days.
- B. Use Amazon Kinesis as the target. Configure the Kinesis stream to always retain the logs for 90 days.
- C. Use AWS CloudTrail as the target. Configure CloudTrail to save to an Amazon S3 bucket, and enable S3 Intelligent-Tiering.
- D. Use Amazon S3 as the target. Enable an S3 Lifecycle policy to transition the logs to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days.
Correct answer: D
Explanation
The correct answer is D: with Amazon S3 as the target, an S3 Lifecycle policy manages cost efficiently by transitioning the logs to a less expensive storage class once the initial 90-day period of frequent access is over. Option A is wrong because CloudWatch with a 90-day expiration does not fit the long-term storage requirement. Option B is unsuitable because Kinesis is designed for real-time data processing rather than long-term log storage. Option C does not address the changing access pattern, and CloudTrail is primarily for API call logging, not for VPC Flow Logs.