Exam SCS-C02
Question 160

A company needs to create a centralized solution to analyze log files. The company uses an organization in AWS Organizations to manage its AWS accounts.

The solution must aggregate and normalize events from the following sources:

• The entire organization in Organizations

• All AWS Marketplace offerings that run in the company’s AWS accounts

• The company's on-premises systems

Which solution will meet these requirements?

    Correct Answer: C

    Option C, a delegated Amazon Security Lake administrator account in AWS Organizations, is the only approach that covers all three requirements. Security Lake centralizes security data from AWS environments, SaaS providers, on-premises systems, and other cloud sources into a purpose-built data lake held in the delegated administrator's account; with the organization configured as a source, native AWS logs from every member account are collected automatically, and the AWS Marketplace offerings and on-premises systems are ingested as additional (partner or custom) sources. Every record is normalized to the Open Cybersecurity Schema Framework (OCSF), which is what satisfies the "normalize" part of the requirement. Amazon Athena can then be used as a query subscriber to analyze the normalized data in place.
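    As an added example (not part of the exam question or the site's explanation), the normalization step that makes the on-premises source usable alongside native AWS sources: a Security Lake custom source must deliver its records already shaped as OCSF events. The code below, written for this page and not taken from AWS, maps constructed Linux sshd syslog lines onto OCSF Authentication events (class_uid 3002, category IAM) and checks the base fields every OCSF class requires. The OpenSSH product metadata, the year supplied to the parser, and the JSON output are assumptions for illustration; Security Lake itself expects the custom-source data as Parquet in its S3 bucket, and that conversion (for example with pyarrow) is left out.

```python
"""Normalize constructed on-premises sshd syslog lines into OCSF Authentication
events (class_uid 3002), the shape a Security Lake custom source must emit.
Example code added for this page, not AWS or Security Lake code. Security Lake
stores custom-source data as Parquet; that write is omitted and JSON is shown."""
import json
import re
from datetime import datetime, timezone

# Constructed sample lines (not real data): one successful key logon and one
# failed password attempt against a non-existent account.
SAMPLE_LOGS = [
    "Jan 12 10:15:01 bastion01 sshd[2143]: Accepted publickey for alice "
    "from 10.20.1.7 port 51022 ssh2",
    "Jan 12 10:15:09 bastion01 sshd[2150]: Failed password for invalid user admin "
    "from 203.0.113.9 port 44012 ssh2",
]

# OCSF v1.1 identifiers used below (category IAM, class Authentication).
OCSF_SCHEMA_VERSION = "1.1.0"
CATEGORY_IAM = 3
CLASS_AUTHENTICATION = 3002
ACTIVITY_LOGON = 1
STATUS_SUCCESS, STATUS_FAILURE = 1, 2
SEVERITY_INFORMATIONAL, SEVERITY_MEDIUM = 1, 3
REQUIRED_BASE_FIELDS = ("category_uid", "class_uid", "activity_id", "type_uid",
                        "severity_id", "time", "metadata")

SSHD_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: (?P<outcome>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def to_ocsf(line: str, year: int) -> dict:
    """Map one sshd line to an OCSF Authentication event.

    Syslog timestamps carry no year, so the caller supplies it (assumption:
    the collector knows which year the file was written in)."""
    m = SSHD_RE.match(line)
    if m is None:
        raise ValueError(f"unrecognized sshd line: {line!r}")
    g = m.groupdict()
    ts = datetime.strptime(
        f"{year} {g['mon']} {g['day']} {g['time']}", "%Y %b %d %H:%M:%S"
    ).replace(tzinfo=timezone.utc)
    success = g["outcome"] == "Accepted"
    return {
        "category_uid": CATEGORY_IAM,
        "class_uid": CLASS_AUTHENTICATION,
        "activity_id": ACTIVITY_LOGON,
        # OCSF defines type_uid as class_uid * 100 + activity_id.
        "type_uid": CLASS_AUTHENTICATION * 100 + ACTIVITY_LOGON,
        "severity_id": SEVERITY_INFORMATIONAL if success else SEVERITY_MEDIUM,
        "status_id": STATUS_SUCCESS if success else STATUS_FAILURE,
        "time": int(ts.timestamp() * 1000),  # OCSF time is epoch milliseconds
        "metadata": {
            "version": OCSF_SCHEMA_VERSION,
            "product": {"name": "OpenSSH", "vendor_name": "OpenBSD"},  # assumed
            "log_name": "sshd",
        },
        "user": {"name": g["user"]},
        "src_endpoint": {"ip": g["ip"], "port": int(g["port"])},
        "dst_endpoint": {"hostname": g["host"]},
        "service": {"name": "sshd"},
        # Source-specific details with no OCSF attribute go under "unmapped".
        "unmapped": {"auth_method": g["method"], "pid": g["pid"]},
        "raw_data": line,
    }


def validate(event: dict) -> bool:
    """Check the base-event fields every OCSF class requires and that
    type_uid agrees with class_uid and activity_id."""
    if any(k not in event for k in REQUIRED_BASE_FIELDS):
        return False
    return event["type_uid"] == event["class_uid"] * 100 + event["activity_id"]


def normalize_batch(lines, year: int) -> list:
    """Normalize a batch, skipping lines the parser does not understand so one
    malformed record does not block the rest of the file."""
    events = []
    for line in lines:
        try:
            events.append(to_ocsf(line, year))
        except ValueError:
            continue
    return [e for e in events if validate(e)]


if __name__ == "__main__":
    for ev in normalize_batch(SAMPLE_LOGS, year=2024):
        print(json.dumps(ev, indent=2))
```

    Once events like these are written as Parquet under the custom source's prefix, they sit in the same OCSF tables as the organization's native sources and can be queried with the same Athena statements, which is the normalization requirement Option C meets and a plain log-collection pipeline does not.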

Discussion
cumzle_com (Option: C)

Considering the requirements to aggregate and normalize logs from the entire AWS organization, AWS Marketplace offerings, and on-premises systems into a centralized solution for analysis, Amazon Security Lake appears to provide a more comprehensive and automated approach compared to Options A/B.

grekh001

C. Amazon Security Lake automatically centralizes security data from AWS environments, SaaS providers, on-premises, and cloud sources into a purpose-built data lake stored in your account. With OCSF support, the service normalizes and combines security data from AWS and a broad range of enterprise security data sources. https://aws.amazon.com/security-lake/

aescudero51 (Option: B)

Answer A: While S3 can store logs centrally, it lacks the log management and analysis features of CloudWatch Logs and OpenSearch Service. Additionally, using Glue crawlers and Athena would be a more complex approach for real-time analysis.

Answer C: Security Lake is primarily focused on security data analysis, and it might be overkill for general log analysis from various sources.

Answer D: SCP can enforce centralized log storage in S3, but it wouldn't offer the collection, filtering, and advanced analytics capabilities needed. Additionally, querying logs directly from S3 with OpenSearch Service would be inefficient.

Therefore, Answer B offers a centralized, flexible, and scalable solution for collecting, filtering, and analyzing logs from the organization, on-premises systems, and AWS Marketplace offerings.

grekh001

The solution must aggregate and normalize events... Option B does not address normalization. Security Lake does.

xekiva3329 (Option: C)

answer: C