Q68 — AWS SCS-C02 Ch.1

A company hosts its microservices application on Amazon Elastic Kubernetes Service (Amazon EKS). The company has set up continuous deployments to update the application on demand. A security engineer must implement a solution to provide automatic detection of anomalies in application logs in near real time. The solution also must send notifications about these anomalies to the security team. Which solution will meet these requirements?

Correct Answer: B. Configure Amazon EKS to send application logs to Amazon CloudWatch. Create a CloudWatch alarm based on a log group metric filter. Specify anomaly detection as the threshold type. Configure the alarm to use Amazon Simple Notification Service (Amazon SNS) to alert the security team.

Explanation

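This question tests how to use AWS services to implement near-real-time log anomaly detection and notification. According to the Amazon CloudWatch documentation, CloudWatch Logs supports extracting metrics from log data through metric filters and setting alarm thresholds based on anomaly detection. Option B correctly configures EKS to send logs to CloudWatch, uses the built-in anomaly detection algorithm to create the alarm, and triggers SNS to notify the security team. Option A uses Container Insights (which focuses on container performance metrics rather than custom log analysis), C relies on batch Athena queries (not real time), and D chooses App Mesh/CloudTrail (traffic monitoring and API audit logs); all of these stray from the core requirement of real-time anomaly detection on application logs.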