AWS Certified SysOps Administrator – Associate (legacy) — Question 495

A SysOps Administrator is maintaining a web application using an Amazon CloudFront web distribution, an Application Load Balancer (ALB), Amazon RDS, and
Amazon EC2 in a VPC. All services have logging enabled. The Administrator needs to investigate HTTP Layer 7 status codes from the web application.
Which log sources contain the status codes? (Choose two.)

Answer options

• A. VPC Flow Logs
• B. AWS CloudTrail logs
• C. ALB access logs
• D. CloudFront access logs
• E. RDS logs

Correct answer: B, D

Explanation

CloudFront access logs (D) capture detailed records of every user request delivered through the CDN, which explicitly includes the HTTP status codes returned to clients. AWS CloudTrail logs (B) record AWS API activity, which operates at Layer 7 and includes HTTP status codes reflecting the success or failure of those API actions. VPC Flow Logs (A) only record Layer 4 IP traffic and lack HTTP details, while RDS logs (E) capture database transactions rather than web application Layer 7 HTTP status codes.