AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question
Your company runs an API behind an Application Load Balancer that is protected by an AWS WAFv2 web ACL. Security engineers must audit every request that AWS WAF blocks, keep the detailed records for at least 30 days, and let analysts run ad-hoc SQL queries on this data with minimal operations effort and cost. Which solution meets these requirements?
Publish AWS WAF metrics to Amazon CloudWatch, retain the metrics for 30 days, and analyze them with CloudWatch Logs Insights.
Turn on Application Load Balancer access logging to S3 and have analysts use Amazon Athena to search for HTTP 403 responses.
Enable AWS WAF logging and configure a Kinesis Data Firehose delivery stream that sends the logs to an S3 bucket with a 30-day lifecycle policy; analysts query the data with Amazon Athena.
Enable AWS CloudTrail data events for the load balancer and stream the logs to Amazon OpenSearch Service for querying.
AWS WAF can stream detailed JSON logs of every evaluated request to Amazon Kinesis Data Firehose. Firehose can then deliver the records directly to an S3 bucket, where an S3 Lifecycle rule can transition or expire objects after 30 days to control storage costs. Because the data is stored in S3, analysts can create an Athena table and run ad-hoc SQL queries without additional infrastructure.
Application Load Balancer access logs do not include the specific WAF rule that caused a block action, so they cannot satisfy the audit requirement. CloudWatch metrics expose only aggregated counts, not request-level details, and CloudWatch Logs Insights cannot query data that is never written to Logs. CloudTrail records control-plane API calls, not the individual HTTP requests processed by the load balancer or WAF. Therefore, enabling AWS WAF logging through Kinesis Data Firehose to S3 with Athena querying is the only option that meets all stated needs.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS WAFv2, and how does it work?
Open an interactive chat with Bash
How does Amazon Kinesis Data Firehose deliver logs to S3?
Open an interactive chat with Bash
What is Amazon Athena, and how does it query data in S3?
Open an interactive chat with Bash
What is AWS WAF and how does it work?
Open an interactive chat with Bash
How does Amazon Kinesis Data Firehose integrate with AWS WAF logging?
Open an interactive chat with Bash
What advantage does Amazon Athena provide for querying AWS WAF logs?
Open an interactive chat with Bash
AWS Certified CloudOps Engineer Associate SOA-C03
Networking and Content Delivery
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .