Q69 — AWS SCS-C02 Ch.1
Question 69 of 100
>A company hosts a web application on an Apache web server. The application runs on Amazon EC2 instances that are in an Auto Scaling group. The company configured the EC2 instances to send the Apache web server logs to an Amazon CloudWatch Logs group that the company has configured to expire after 1 year. Recently, the company discovered in the Apache web server logs that a specific IP address is sending suspicious requests to the web application. A security engineer wants to analyze the past week of Apache web server logs to determine how many requests that the IP address sent and the corresponding URLs that the IP address requested. What should the security engineer do to meet these requirements with the LEAST effort?
- A. Export the CloudWatch Logs group data to Amazon S3. Use Amazon Macie to query the logs for the specific IP address and the requested URL.
- B. Configure a CloudWatch Logs subscription to stream the log group to an Amazon OpenSearch Service cluster. Use OpenSearch Service to analyze the logs for the specific IP address and the requested URLs.
- C. Use CloudWatch Logs Insights and a custom query syntax to analyze the CloudWatch logs for the specific IP address and the requested URLs. ✓
- D. Export the CloudWatch Logs group data to Amazon S3. Use AWS Glue to crawl the S3 bucket for only the log entries that contain the specific IP address. Use AWS Glue to view the results.
Correct Answer: C. Use CloudWatch Logs Insights and a custom query syntax to analyze the CloudWatch logs for the specific IP address and the requested URLs.
Explanation
This question tests the choice of AWS log analysis tooling. CloudWatch Logs Insights can query and analyze log data directly in the log group, with no data migration or additional configuration. Option C writes a custom query to search the CloudWatch logs for the specific IP address and the URLs it requested, avoiding the extra steps of exporting the logs to S3, configuring an OpenSearch Service cluster, or running AWS Glue. The other options all involve additional service integrations or data export workflows, which add operational complexity. The correct answer reflects the principle of using the built-in tool to meet the requirement with the least operational cost.
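As an added illustration (not part of the original question or explanation), the Logs Insights query that answers the question is shown alongside a small Python routine that performs the same extraction on constructed Apache access-log lines, so the query's result can be checked locally. The IP address, sample log lines and the log group's time range are assumptions; the one-week window is set as the query's time range, not in the query text.

```python
import re
from collections import Counter

# Placeholder address from the TEST-NET-3 documentation range (constructed;
# the question does not name the real suspicious IP).
SUSPICIOUS_IP = "203.0.113.45"

# CloudWatch Logs Insights query to run against the Apache access-log group.
# The "past week" is chosen as the query time range (console date picker or
# start_query(startTime=..., endTime=...)), not inside the query itself.
LOGS_INSIGHTS_QUERY = r'''
fields @timestamp, @message
| parse @message /^(?<client_ip>\S+) \S+ \S+ \[[^\]]+\] "(?<method>\S+) (?<url>\S+) [^"]*" (?<status>\d{3})/
| filter client_ip = "203.0.113.45"
| stats count(*) as requests by url
| sort requests desc
'''

# Same field extraction as the Insights parse step, for Apache common/combined
# log format, so the query's output can be reproduced on sample lines offline.
APACHE_LINE = re.compile(
    r'^(?P<client_ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)


def count_requests_by_url(lines, client_ip):
    """Return {url: request_count} for lines sent by client_ip, most frequent first.
    Lines that do not match the access-log format are skipped rather than failing."""
    hits = Counter()
    for line in lines:
        m = APACHE_LINE.match(line)
        if m and m.group("client_ip") == client_ip:
            hits[m.group("url")] += 1
    return dict(hits.most_common())


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.45 - - [10/Mar/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Mar/2024:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [10/Mar/2024:10:00:03 +0000] "POST /login HTTP/1.1" 401 128 "-" "curl/8.0"',
    '203.0.113.45 - - [10/Mar/2024:10:00:04 +0000] "GET /admin HTTP/1.1" 403 64 "-" "curl/8.0"',
    'malformed line that does not match the access-log format',
]

if __name__ == "__main__":
    for url, n in count_requests_by_url(SAMPLE_LOG, SUSPICIOUS_IP).items():
        print(f"{n:4d}  {url}")
```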