Q73 — AWS DEA-C01 Ch.1
A company plans to provision a log delivery stream within a VPC. The company configured the VPC flow logs to publish to Amazon CloudWatch Logs. The company needs to send the flow logs to Splunk in near real time for further analysis. Which solution will meet these requirements with the LEAST operational overhead?
- A. Configure an Amazon Kinesis Data Streams data stream to use Splunk as the destination. Create a CloudWatch Logs subscription filter to send log events to the data stream.
- B. Create an Amazon Kinesis Data Firehose delivery stream to use Splunk as the destination. Create a CloudWatch Logs subscription filter to send log events to the delivery stream. ✓
- C. Create an Amazon Kinesis Data Firehose delivery stream to use Splunk as the destination. Create an AWS Lambda function to send the flow logs from CloudWatch Logs to the delivery stream.
- D. Configure an Amazon Kinesis Data Streams data stream to use Splunk as the destination. Create an AWS Lambda function to send the flow logs from CloudWatch Logs to the data stream.
Correct Answer: B. Create an Amazon Kinesis Data Firehose delivery stream to use Splunk as the destination. Create a CloudWatch Logs subscription filter to send log events to the delivery stream.
Explanation
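To send the VPC flow logs to Splunk in near real time for further analysis with the least operational overhead, the best solution is to use Amazon Kinesis Data Firehose. Kinesis Data Firehose can deliver the data stream directly to Splunk, with no additional data processing or transformation steps. Creating a CloudWatch Logs subscription filter sends the log events directly to the Kinesis Data Firehose delivery stream, which enables near-real-time log analysis while minimizing operational overhead. Therefore, option B is the correct answer.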