Q68 — AWS SCS-C02 Ch.1
A company hosts its microservices application on Amazon Elastic Kubernetes Service (Amazon EKS). The company has set up continuous deployments to update the application on demand. A security engineer must implement a solution to provide automatic detection of anomalies in application logs in near real time. The solution also must send notifications about these anomalies to the security team. Which solution will meet these requirements?
- A. Configure Amazon CloudWatch Container Insights to collect and aggregate EKS application logs. Create a CloudWatch alarm to monitor for anomalies. Configure the alarm to launch an AWS Lambda function to alert the security team when anomalies are detected.
- B. Configure Amazon EKS to send application logs to Amazon CloudWatch. Create a CloudWatch alarm based on a log group metric filter. Specify anomaly detection as the threshold type. Configure the alarm to use Amazon Simple Notification Service (Amazon SNS) to alert the security team. ✓
- C. Configure Amazon EKS to export logs to Amazon S3. Use Amazon Athena queries to analyze the logs for anomalies. Use Amazon QuickSight to visualize and monitor user access requests for anomalies. Configure Amazon Simple Notification Service (Amazon SNS) notifications to alert the security team.
- D. Configure AWS App Mesh to monitor the traffic to the microservices in Amazon EKS. Integrate App Mesh with AWS CloudTrail for logging. Use Amazon Detective to analyze the logs for anomalies and to alert the security team when anomalies are detected.
Correct Answer: B. Configure Amazon EKS to send application logs to Amazon CloudWatch. Create a CloudWatch alarm based on a log group metric filter. Specify anomaly detection as the threshold type. Configure the alarm to use Amazon Simple Notification Service (Amazon SNS) to alert the security team.
Explanation
This question tests how to get near-real-time anomaly detection on application logs, with notifications, using native AWS services. CloudWatch Logs metric filters turn matching log events into a CloudWatch metric, and a CloudWatch alarm on that metric can use anomaly detection as its threshold type: instead of a static number, the alarm compares the metric against a band that CloudWatch computes from the metric's own history and goes into ALARM when the value leaves that band. Option B wires exactly that pipeline: pod logs shipped to a CloudWatch Logs log group, a metric filter on the log group, an anomaly-detection alarm on the resulting metric, and SNS as the alarm action that notifies the security team.

Why the other options fall short: Option A leans on Container Insights, which is built around container and cluster performance metrics; an alarm that merely "monitors for anomalies" without a log-derived metric and an anomaly-detection threshold is underspecified, and routing the alert through a Lambda function adds a hop when SNS is already a native alarm action. Option C is batch processing: logs land in S3, are queried with Athena and visualized in QuickSight, which is neither near real time nor automatic detection. Option D monitors service-mesh traffic with App Mesh and API activity with CloudTrail, and Amazon Detective is an investigation tool over CloudTrail, VPC Flow Logs and GuardDuty findings, not an alerting engine for application logs.

Two practical points the question glosses over. EKS does not ship pod logs to CloudWatch on its own (control plane logging covers the API server, audit and similar control plane logs only), so "configure Amazon EKS to send application logs" in practice means running a log agent such as Fluent Bit on the nodes. And the anomaly-detection band is only as good as the metric filter pattern and the history behind it: a filter that counts every line gives a noisy band, and a freshly created model has little history to learn from, so expect to tune the band width and the alarm's evaluation periods before relying on it for paging.
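As an added example, not part of the original question or explanation, here is the option B pipeline expressed as a CloudFormation template. The log group name, the metric namespace, the JSON log format with a `level` field, the e-mail endpoint and all resource names are assumptions; it also assumes a log agent such as Fluent Bit is already writing the pods' logs to that log group:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (assumed names): EKS application logs in CloudWatch Logs ->
  metric filter -> anomaly-detection alarm -> SNS notification.

Parameters:
  SecurityTeamEmail:
    Type: String
    Description: SNS subscription endpoint (assumed; replace with the team's address)
  AppLogGroupName:
    Type: String
    Default: /aws/containerinsights/prod-eks/application
    Description: Log group the node log agent already writes pod logs to (assumed)

Resources:
  # Metric filter: count JSON log events whose "level" field is ERROR.
  # Assumes the microservices emit JSON logs with a "level" key.
  ErrorCountFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref AppLogGroupName
      FilterPattern: '{ $.level = "ERROR" }'
      MetricTransformations:
        - MetricNamespace: App/EKS
          MetricName: ErrorCount
          MetricValue: "1"
          DefaultValue: 0   # publish 0 when nothing matches so quiet periods train the model too

  # Anomaly detection model for the filter's metric. The alarm below also creates
  # one implicitly; declaring it keeps the model under IaC control.
  ErrorCountDetector:
    Type: AWS::CloudWatch::AnomalyDetector
    Properties:
      Namespace: App/EKS
      MetricName: ErrorCount
      Stat: Sum

  SecurityAlertsTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: eks-log-anomaly-alerts

  SecurityAlertsSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      TopicArn: !Ref SecurityAlertsTopic
      Protocol: email
      Endpoint: !Ref SecurityTeamEmail

  # The alarm's threshold is the anomaly-detection band rather than a static number:
  # ThresholdMetricId points at the ANOMALY_DETECTION_BAND expression and the
  # comparison operator is one of the band-aware operators.
  ErrorCountAnomalyAlarm:
    Type: AWS::CloudWatch::Alarm
    DependsOn: ErrorCountDetector
    Properties:
      AlarmName: eks-app-error-volume-anomaly
      AlarmDescription: ERROR log volume left the expected band (CloudWatch anomaly detection)
      ComparisonOperator: GreaterThanUpperThreshold
      ThresholdMetricId: band
      EvaluationPeriods: 3
      DatapointsToAlarm: 2            # 2 of 3 one-minute periods outside the band
      TreatMissingData: notBreaching
      Metrics:
        - Id: errors
          ReturnData: true
          MetricStat:
            Metric:
              Namespace: App/EKS
              MetricName: ErrorCount
            Period: 60
            Stat: Sum
        - Id: band
          Expression: ANOMALY_DETECTION_BAND(errors, 2)   # band width: 2 standard deviations
          Label: Expected ErrorCount
      AlarmActions:
        - !Ref SecurityAlertsTopic
      OKActions:
        - !Ref SecurityAlertsTopic
```

Deploy it with `aws cloudformation deploy --template-file anomaly-alarm.yaml --stack-name eks-log-anomaly --parameter-overrides SecurityTeamEmail=security@example.com` (file name and address are placeholders); the e-mail subscription must be confirmed from the mailbox before SNS delivers anything. The part that answers the exam question is the alarm resource: `ThresholdMetricId` pointing at the `ANOMALY_DETECTION_BAND` expression and a band-aware `ComparisonOperator` in place of a static `Threshold`. `DatapointsToAlarm` of 2 out of 3 stops a single outlier minute from paging the team, and `GreaterThanUpperThreshold` is chosen because a drop in ERROR volume is rarely worth waking someone for; switch to `LessThanLowerOrGreaterThanUpperThreshold` if a sudden silence (logs not arriving) should also alert.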