Learn the most cost-effective way to query log files in an Amazon EC2 Auto Scaling environment for the AWS Certified Security – Specialty exam. Discover the optimal combination of AWS services to forward and analyze logs without data loss.
Question
A company has decided to move its fleet of Linux-based web server instances to an Amazon EC2 Auto Scaling group. Currently, the instances are static and are launched manually. When an administrator needs to view log files, the administrator uses SSH to establish a connection to the instances and retrieves the logs manually.
The company often needs to query the logs to produce results about application sessions and user issues. The company does not want its new automatically scaling architecture to result in the loss of any log files when instances are scaled in.
Which combination of steps should a security engineer take to meet these requirements MOST cost-effectively? (Choose two.)
A. Configure a cron job on the instances to forward the log files to Amazon S3 periodically.
B. Configure AWS Glue and Amazon Athena to query the log files.
C. Configure the Amazon CloudWatch agent on the instances to forward the logs to Amazon CloudWatch Logs.
D. Configure Amazon CloudWatch Logs Insights to query the log files.
E. Configure the instances to write the logs to an Amazon Elastic File System (Amazon EFS) volume.
Answer
C. Configure the Amazon CloudWatch agent on the instances to forward the logs to Amazon CloudWatch Logs.
D. Configure Amazon CloudWatch Logs Insights to query the log files.
Explanation
The most cost-effective and efficient approach to meet the company’s requirements is to use Amazon CloudWatch Logs in combination with CloudWatch Logs Insights.
By configuring the CloudWatch agent on the EC2 instances, the log files are forwarded automatically to CloudWatch Logs as they are written. Because the log data is stored off the instance, it is not lost when instances are scaled in or terminated by the Auto Scaling group. CloudWatch Logs provides centralized, durable storage for log data.
To query the log files and produce results about application sessions and user issues, the security engineer should use CloudWatch Logs Insights. Logs Insights queries the log data directly in CloudWatch Logs using a SQL-like query language, which removes the need for additional services like AWS Glue and Amazon Athena and makes it more cost-effective.
While options A (forwarding logs to S3) and E (writing logs to EFS) can prevent log data loss, they require additional setup and management. Moreover, querying logs from S3 or EFS would necessitate the use of separate services like AWS Glue and Amazon Athena, increasing complexity and costs.
By leveraging CloudWatch Logs and CloudWatch Logs Insights, the company can achieve its goals of preventing log data loss, enabling efficient querying, and maintaining a cost-effective solution in an Auto Scaling environment.
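The two chosen steps (C and D) can be sketched as instance user data plus a query helper. This is an added example, not part of the original question or any AWS-provided script; the log file path, log group name and config file name are assumed placeholders, and the application log is assumed to mark failures with the word ERROR.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Meant for launch-template user data.
# Assumptions: the log path, log group name and config file name are placeholders.
LOG_FILE="/var/log/example-app/app.log"
LOG_GROUP="/example/web/app"
CONFIG_PATH="${CONFIG_PATH:-/opt/aws/amazon-cloudwatch-agent/etc/web-logs.json}"

# Write an agent config that tails LOG_FILE into one log stream per instance,
# so each instance's entries stay identifiable after it is scaled in.
write_agent_config() {
  cat > "$1" <<EOF
{
  "logs": {
    "force_flush_interval": 5,
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "${LOG_FILE}",
            "log_group_name": "${LOG_GROUP}",
            "log_stream_name": "{instance_id}"
          }
        ]
      }
    }
  }
}
EOF
}

# Load the config into the agent and start it (run as root on the instance).
apply_agent_config() {
  write_agent_config "$CONFIG_PATH"
  /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl \
    -a fetch-config -m ec2 -s -c "file:${CONFIG_PATH}"
}

# Logs Insights query: count lines containing ERROR per instance, in 5-minute bins.
insights_query() {
  printf '%s' 'fields @timestamp, @logStream | filter @message like /ERROR/ | stats count(*) as hits by @logStream, bin(5m)'
}

# Start the query over the last hour; fetch rows with `aws logs get-query-results`.
start_insights_query() {
  now=$(date +%s)
  aws logs start-query --log-group-name "$LOG_GROUP" \
    --start-time $((now - 3600)) --end-time "$now" \
    --query-string "$(insights_query)"
}

if [ "${1:-}" = "--apply" ]; then apply_agent_config; fi
```

The instance profile attached to the launch template must allow writing to CloudWatch Logs, for example through the AWS managed policy CloudWatchAgentServerPolicy.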
This practice question and answer, with a detailed explanation, is for the Amazon AWS Certified Security – Specialty SCS-C02 certification exam.