Q81 — AWS DOP-C02 Ch.1
A company sends AWS Network Firewall logs to an Amazon S3 bucket. Later, the company uses Amazon Athena to analyze these logs. Before delivering these logs to the target S3 bucket, the company needs to transform the logs and add additional data. Which solution meets these requirements?
- A. Create an AWS Lambda function to transform the data and write a new object to the existing S3 bucket. Configure an S3 trigger on the existing S3 bucket. Specify all object creation events as the event type. Allow recursive invocation.
- B. Enable Amazon EventBridge notifications on the existing S3 bucket. Create a custom event bus. Create an EventBridge rule associated with the custom event bus. Configure the rule to respond to all object creation events for the existing S3 bucket and invoke an AWS Step Functions workflow. Configure a Step Functions task to transform the data and write it to a new S3 bucket.
- C. Create an Amazon EventBridge rule associated with the default event bus. Configure the rule to respond to all object creation events for the existing S3 bucket. Define a new S3 bucket as the rule target. Create an EventBridge input transformation to customize the event before delivering it to the rule target.
- D. Create an Amazon Kinesis Data Firehose delivery stream configured with an AWS Lambda transformer. Specify the existing S3 bucket as the destination. Change the Network Firewall log destination from Amazon S3 to Kinesis Data Firehose. ✓
Correct Answer: D. Create an Amazon Kinesis Data Firehose delivery stream configured with an AWS Lambda transformer. Specify the existing S3 bucket as the destination. Change the Network Firewall log destination from Amazon S3 to Kinesis Data Firehose.
Explanation
The AWS Network Firewall flow logs must be transformed before they are stored in the existing S3 bucket. Amazon Kinesis Data Firehose captures data in real time and integrates with Lambda for transformation, so it can deliver the processed data directly to a specified S3 bucket. Option D meets the requirement by changing the Network Firewall log destination from S3 to Kinesis Data Firehose, applying the Lambda-based transformation, and writing the result to the original S3 bucket, so the transformation happens before final storage. The other options rely on object-created event triggers, which means the data has already been written to S3 before it is processed; that violates the requirement to transform the logs before storage. Option D is consistent with the Kinesis Data Firehose documentation on real-time data transformation and delivery.