Q81 — AWS DOP-C02 Ch.1

Question 81 of 100 | ← Chapter 1

A company sends AWS Network Firewall logs to an Amazon S3 bucket. Later, the company uses Amazon Athena to analyze these logs. Before delivering these logs to the target S3 bucket, the company needs to transform the logs and add additional data. Which solution meets these requirements?

Correct Answer: D. Create an Amazon Kinesis Data Firehose delivery stream configured with an AWS Lambda transformer. Specify the existing S3 bucket as the destination. Change the Network Firewall log destination from Amazon S3 to Kinesis Data Firehose.

Explanation

AWS Network Firewall flow logs require transformation before being stored in the existing S3 bucket. Amazon Kinesis Data Firehose supports real-time data capture and integrates with Lambda for transformation, enabling direct delivery of processed data to a specified S3 bucket. Option D satisfies the requirement by redirecting logs from S3 to Kinesis Data Firehose, applying Lambda-based transformation, and writing the result back to the original S3 bucket—ensuring transformation occurs before final storage. Other options rely on object-created event triggers, meaning data is already written to S3 before processing, violating the prerequisite of pre-storage transformation. Option D correctly reflects Kinesis Data Firehose documentation regarding real-time data transformation and delivery.