Q51 — AWS ANS-C01 Ch.1

Question 51 of 100 | ← Chapter 1

A company has deployed an AWS Network Firewall ¦rewall into a VPC. A network engineer needs to implement a solution to deliver Network Firewall §ow logs to the company’s Amazon OpenSearch Service (Amazon Elasticsearch Service) cluster in the shortest possible time. Which solution will meet these requirements?

Correct Answer: B. Create an Amazon Kinesis Data Firehose delivery stream that includes the Amazon OpenSearch Service (Amazon Elasticsearch Service) Cluster as the destination. Con¦gure §ow logs for the ¦rewall Set the Kinesis Data Firehose delivery stream as the destination for the Network Firewall §ow logs.

Explanation

答案B是正确的。在AWS环境中,要在最短时间内将网络防火墙的流日志传递到AmazonOpenSearchService集群,创建一个包括AmazonOpenSearchService集群作为目标的AmazonKinesisDataFirehose交付流是较为高效的方式。通过配置防火墙的流日志,并将KinesisDataFirehose交付流设置为目标,可以快速实现日志的传输和处理。选项A涉及到额外的S3桶和Lambda函数,增加了复杂性和可能的延迟。选项C直接将AmazonOpenSearchService集群设置为目标可能不是最优的,因为缺乏中间的高效传输机制。选项D中创建的Kinesis数据流可能不如KinesisDataFirehose交付流适合此场景。综上,选项B是满足需求的最佳解决方案。 查看全部