Q13 — AWS SCS-C02 Ch.1
A company wants to create a log analytics solution for logs generated from its on-premises devices. The logs are collected from the devices onto a server on premises. The company wants to use AWS services to perform near real-time log analysis. The company also wants to store these logs for 365 days for pattern matching and substring search capabilities later. Which solution will meet these requirements with the LEAST development overhead?
- A. Install Amazon Kinesis Agent on the on-premises server to send the logs to Amazon DynamoDB. Configure an AWS Lambda trigger on DynamoDB streams to perform near real-time log analysis. Export the DynamoDB data to Amazon S3 periodically. Run Amazon Athena queries for pattern matching and substring search. Set up S3 Lifecycle policies to delete the log data after 365 days.
- B. Install Amazon Managed Streaming for Apache Kafka (Amazon MSK) on the on-premises server. Create an MSK cluster to collect the streaming data and analyze the data in real time. Set the data retention period to 365 days to store the logs persistently for pattern matching and substring search.
- C. Install Amazon Kinesis Agent on the on-premises server to send the logs to Amazon Kinesis Data Firehose. Configure Amazon Managed Service for Apache Flink (previously known as Amazon Kinesis Data Analytics) as the destination for real-time processing. Store the logs in Amazon OpenSearch Service for pattern matching and substring search. Configure an OpenSearch Service Index State Management (ISM) policy to delete the data after 365 days. ✓
- D. Use Amazon API Gateway and AWS Lambda to write the logs from the on-premises server to Amazon DynamoDB. Configure a Lambda trigger on DynamoDB streams to perform near real-time log analysis. Run Amazon Athena federated queries on DynamoDB data for pattern matching and substring search. Set up TTL to delete data after 365 days.
Correct Answer: C. Install Amazon Kinesis Agent on the on-premises server to send the logs to Amazon Kinesis Data Firehose. Configure Amazon Managed Service for Apache Flink (previously known as Amazon Kinesis Data Analytics) as the destination for real-time processing. Store the logs in Amazon OpenSearch Service for pattern matching and substring search. Configure an OpenSearch Service Index State Management (ISM) policy to delete the data after 365 days.
Explanation
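In AWS service integration architectures, real-time stream processing typically combines components such as Kinesis, Lambda, and Managed Flink. Amazon OpenSearch Service (formerly Elasticsearch) provides full-text search and complex queries (such as regular expressions), which makes it well suited to log analysis. According to AWS architecture best practices, Kinesis Data Firehose can persist streaming data directly to S3, Redshift, or OpenSearch without custom transformation code. Index State Management (ISM) supports automatic, time-based deletion of old data, replacing manual maintenance. Option C uses a combination of managed services to achieve end-to-end log collection, real-time processing, and long-term storage. The other options carry higher development complexity in the storage layer (DynamoDB is not suited to complex queries), in analysis capability (MSK requires you to handle stream computation yourself), or in the data archival mechanism (Athena requires additional ETL). See the AWS whitepaper "Analyzing Log Data" and the service documentation describing the text analysis features of OpenSearch.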