AWS Certified Solutions Architect Professional SAP-C02 Practice Question
A global e-commerce company has deployed a microservices application on AWS using a combination of Amazon EKS, AWS Lambda, and Amazon EC2 instances. The platform generates a high volume of structured (JSON) and unstructured application logs. The security team requires near real-time analysis of logs for threat detection. The operations team needs a solution for application performance monitoring (APM) with complex query capabilities. Additionally, all logs must be retained for 7 years for compliance, with a focus on minimizing storage costs. The company wants a solution that maximizes the use of managed services to reduce operational overhead. Which logging and monitoring strategy is the most appropriate to meet all these requirements?
Configure all services to send logs to Amazon CloudWatch Logs. Use CloudWatch Logs subscription filters to stream logs to an Amazon OpenSearch Service domain for real-time security analysis and APM. Use a separate subscription filter with Amazon Kinesis Data Firehose to deliver logs to Amazon S3 for long-term retention.
Install the CloudWatch agent on all EC2 and EKS nodes to send logs directly to an Amazon S3 bucket. Use Amazon Athena to query the logs for security analysis and APM. Implement an S3 Lifecycle policy to transition logs for long-term retention.
Stream all logs to a central Amazon Kinesis Data Stream. Configure an AWS Lambda function to process the stream, filtering and storing logs in an Amazon Redshift cluster for analysis. Use Amazon Redshift's UNLOAD command to archive old data to Amazon S3.
Deploy a self-managed Elasticsearch, Logstash, and Kibana (ELK) stack on a fleet of EC2 instances. Configure log forwarders on all services to send logs directly to this cluster. Create a custom script to periodically snapshot indices and copy them to Amazon S3 for backup.
The correct approach is to centralize logs in Amazon CloudWatch and then stream them to specialized services for different purposes. Using a CloudWatch Logs subscription filter to stream logs to an Amazon OpenSearch Service domain addresses the need for near real-time, complex query capabilities for security analysis and APM. For long-term, cost-effective archival, a separate subscription filter should send the logs to Amazon S3 via an Amazon Kinesis Data Firehose delivery stream. This allows the use of S3 Lifecycle policies to transition the data to the most cost-effective storage tier, such as S3 Glacier Deep Archive. This strategy meets all requirements using fully managed services, thereby reducing operational overhead.
Using Amazon Athena for security and APM analysis does not meet the near real-time requirement, as it is designed for ad-hoc interactive queries on data in S3, not for real-time alerting or monitoring. Deploying a self-managed Elasticsearch cluster on EC2 instances would introduce significant operational overhead for management, patching, and scaling, which contradicts a key requirement. Using Amazon Redshift is not optimal for this use case; Redshift is a data warehouse best suited for large-scale structured data analysis and business intelligence, not for searching and analyzing unstructured and semi-structured log data in real time.
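The explanation above describes a pipeline, but not what actually flows through it. The block below is an added illustration (not code from the question, the exam provider, or AWS): it builds and decodes a payload in the shape a CloudWatch Logs subscription filter emits (gzip-compressed JSON with messageType, logGroup, logStream and logEvents; base64-wrapped for Lambda consumers), splits the structured JSON lines from the free-text ones so both kinds can be indexed in OpenSearch, and runs one toy detection rule of the sort a near real-time security consumer would apply. The log group, stream, account id, filter name and all log lines are constructed sample values.

```python
import base64
import gzip
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample events: a mix of JSON-structured and free-text lines,
# as the question describes. Not real company data.
SAMPLE_LOG_EVENTS = [
    {"id": "1", "timestamp": 1700000000000,
     "message": json.dumps({"level": "INFO", "service": "checkout",
                            "latency_ms": 120, "status": 200})},
    {"id": "2", "timestamp": 1700000001000,
     "message": json.dumps({"level": "WARN", "service": "auth",
                            "event": "login_failed", "src_ip": "203.0.113.10"})},
    {"id": "3", "timestamp": 1700000002000,
     "message": json.dumps({"level": "WARN", "service": "auth",
                            "event": "login_failed", "src_ip": "203.0.113.10"})},
    {"id": "4", "timestamp": 1700000003000,
     "message": json.dumps({"level": "WARN", "service": "auth",
                            "event": "login_failed", "src_ip": "203.0.113.10"})},
    {"id": "5", "timestamp": 1700000004000,
     "message": "2023-11-14T22:13:24Z ERROR payment-worker: upstream timeout after 30s"},
]


def build_envelope(log_group, log_stream, events, base64_wrap=True,
                   message_type="DATA_MESSAGE"):
    """Build an envelope in the shape CloudWatch Logs subscription filters emit:
    JSON, gzip-compressed, and (for Lambda consumers) base64-encoded."""
    payload = {
        "messageType": message_type,
        "owner": "123456789012",                    # placeholder account id
        "logGroup": log_group,
        "logStream": log_stream,
        "subscriptionFilters": ["example-filter"],  # assumed filter name
        "logEvents": events if message_type == "DATA_MESSAGE" else [],
    }
    raw = gzip.compress(json.dumps(payload).encode("utf-8"))
    return base64.b64encode(raw) if base64_wrap else raw


def decode_envelope(blob, base64_wrapped=True):
    """Reverse the encoding. CONTROL_MESSAGE envelopes (sent when a filter is
    created or tested) carry no log data, so their events are normalized to []."""
    raw = base64.b64decode(blob) if base64_wrapped else blob
    envelope = json.loads(gzip.decompress(raw).decode("utf-8"))
    if envelope.get("messageType") != "DATA_MESSAGE":
        envelope["logEvents"] = []
    return envelope


def normalize(envelope):
    """Flatten each log event into one record. JSON messages are parsed into
    fields so they can be indexed and queried; free-text messages stay raw."""
    records = []
    for event in envelope["logEvents"]:
        ts = datetime.fromtimestamp(event["timestamp"] / 1000, tz=timezone.utc)
        record = {
            "log_group": envelope["logGroup"],
            "log_stream": envelope["logStream"],
            "@timestamp": ts.isoformat(),
            "structured": False,
            "message": event["message"],
        }
        try:
            fields = json.loads(event["message"])
            if isinstance(fields, dict):
                record.update(fields)
                record["structured"] = True
        except ValueError:
            pass  # not JSON: keep the raw line for full-text search
        records.append(record)
    return records


def detect_failed_login_bursts(records, threshold=3):
    """Toy detection rule: flag source IPs with >= threshold failed logins in
    one batch. A real detector would window across batches; this shows the idea."""
    hits = Counter(r["src_ip"] for r in records
                   if r.get("structured") and r.get("event") == "login_failed"
                   and "src_ip" in r)
    return [{"src_ip": ip, "count": n} for ip, n in hits.items() if n >= threshold]


if __name__ == "__main__":
    blob = build_envelope("/aws/eks/prod/app", "auth-7f3c", SAMPLE_LOG_EVENTS)
    recs = normalize(decode_envelope(blob))
    print(f"{len(recs)} records, {sum(r['structured'] for r in recs)} structured")
    print("alerts:", detect_failed_login_bursts(recs))
```

The same decode step applies whichever managed destination the filter feeds: records delivered through Kinesis Data Firehose to S3 arrive in the same gzip-compressed JSON envelope, so a Firehose transformation function can reuse `decode_envelope` and `normalize` before the data is archived, while the raw copy kept in S3 under a lifecycle policy remains the compliance record.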
Continuous Improvement for Existing Solutions