Q62 — AWS SCS-C02 Ch.1
A company needs to create a centralized solution to analyze log files. The company uses an organization in AWS Organizations to manage its AWS accounts. The solution must aggregate and normalize events from the following sources:

- The entire organization in Organizations
- All AWS Marketplace offerings that run in the company’s AWS accounts
- The company's on-premises systems

Which solution will meet these requirements?

- A. Configure a centralized Amazon S3 bucket for the logs. Enable VPC Flow Logs, AWS CloudTrail, and Amazon Route 53 logs in all accounts. Configure all accounts to use the centralized S3 bucket. Configure AWS Glue crawlers to parse the log files. Use Amazon Athena to query the log data.  
- B. Configure log streams in Amazon CloudWatch Logs for the sources that need monitoring. Create log subscription filters for each log stream. Forward the messages to Amazon OpenSearch Service for analysis. ✓
- C. Set up a delegated Amazon Security Lake administrator account in Organizations. Enable and configure Security Lake for the organization. Add the accounts that need monitoring. Use Amazon Athena to query the log data.  
- D. Apply an SCP to configure all member accounts and services to deliver log files to a centralized Amazon S3 bucket. Use Amazon OpenSearch Service to query the centralized S3 bucket for log entries.
Correct Answer: B. Configure log streams in Amazon CloudWatch Logs for the sources that need monitoring. Create log subscription filters for each log stream. Forward the messages to Amazon OpenSearch Service for analysis.
Explanation
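This question centers on aggregating and analyzing logs across the organization's accounts, AWS Marketplace services, and on-premises systems. Amazon CloudWatch Logs supports multi-source integration: log streams collect data from AWS services such as VPC Flow Logs and CloudTrail in one place, and on-premises system logs are also supported (an agent must be installed). Subscription filters select logs in real time and forward them to Amazon OpenSearch Service, which meets the requirements for centralized analysis and normalization without depending on a particular storage architecture or on cross-account policy configuration. Option B covers all three types of data source through the seamless integration between CloudWatch and OpenSearch, and directly delivers normalized analysis and real-time querying.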