Monitoring & logs Flashcards
Q: Which solution will meet the requirements of identifying any changes to the organizational unit (OU) hierarchy in AWS Organizations and notifying the operations team with the least operational overhead?
A: Provision the AWS accounts by using AWS Control Tower. Use account drift notifications to identify the changes to the OU hierarchy.
Q: What should a solutions architect do to ensure that all Amazon EC2 instances are configured with the required tags in the most operationally efficient way?
A: Use AWS Config rules to define and detect resources that are not properly tagged.
Q: How should a solutions architect design a solution to collect, aggregate, and summarize metrics and logs from a microservices-based application running on Amazon EKS?
A: Configure Amazon CloudWatch Container Insights in the existing EKS cluster. View the metrics and logs in the CloudWatch console.
Q: What should a solutions architect do to identify and analyze SQL injection and cross-site scripting (XSS) attacks on a serverless application using Amazon API Gateway and AWS Lambda?
A: Configure AWS WAF rules and associate them with the API Gateway API.
Q: How should a solutions architect design a solution to capture and analyze Amazon CloudTrail logs to identify unauthorized access attempts and security incidents?
A: Store the CloudTrail logs in Amazon S3. Use Amazon Athena to query the logs and analyze the data.
Q: What should a solutions architect do to ensure that all changes to Amazon EC2 instances are logged and audited in a centralized manner?
A: Enable AWS CloudTrail and configure it to log all EC2 API calls to an Amazon S3 bucket.
