
SAP-C02 · Question #603

SAP-C02 Question #603: Real Exam Question with Answer & Explanation

The correct answer is A: Create a destination Amazon Kinesis data stream in the central logging account. To centrally aggregate, process, and stream high-volume, regional CloudWatch logs, configure Kinesis Data Streams for ingestion, an IAM role for cross-account access, and a Lambda function for processing and forwarding.

Submitted by ngozi_ng · Mar 6, 2026 · Continuous Improvement for Existing Solutions

Question

A company needs to aggregate Amazon CloudWatch logs from its AWS accounts into one central logging account. The collected logs must remain in the AWS Region of creation. The central logging account will then process the logs, normalize the logs into standard output format, and stream the output logs to a security tool for more processing. A solutions architect must design a solution that can handle a large volume of logging data that needs to be ingested. Less logging will occur outside normal business hours than during normal business hours. The logging solution must scale with the anticipated load. The solutions architect has decided to use an AWS Control Tower design to handle the multi-account logging process. Which combination of steps should the solutions architect take to meet the requirements? (Choose three.)

Options

  • A. Create a destination Amazon Kinesis data stream in the central logging account.
  • B. Create a destination Amazon Simple Queue Service (Amazon SQS) queue in the central logging
  • C. Create an IAM role that grants Amazon CloudWatch Logs the permission to add data to the
  • D. Create an IAM role that grants Amazon CloudWatch Logs the permission to add data to the
  • E. Create an AWS Lambda function. Program the Lambda function to normalize the logs in the
  • F. Create an AWS Lambda function. Program the Lambda function to normalize the logs in the

Explanation

To centrally aggregate, process, and stream high-volume, regional CloudWatch logs, configure Kinesis Data Streams for ingestion, an IAM role for cross-account access, and a Lambda function for processing and forwarding.

Common mistakes.

  • B. Amazon SQS is a message queue service better suited for decoupling microservices or asynchronous tasks, not for real-time, high-volume streaming data aggregation like Kinesis Data Streams.
  • D. This option describes creating an IAM role to grant CloudWatch Logs permissions to an SQS queue, which is not the correct service for high-volume streaming log ingestion.
  • F. This option describes using a Lambda function to normalize logs in an SQS queue, which is not the appropriate service for streaming log aggregation and processing in this high-volume scenario.

Concept tested. Centralized CloudWatch Logs, Kinesis Data Streams, cross-account IAM

Reference. https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html#SubscriptionFiltersKinesis
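
The Lambda normalization step from the explanation, as an added example (not part of the original page): a Python handler that decodes the base64-encoded, gzip-compressed JSON a CloudWatch Logs subscription filter writes to Kinesis and flattens each log event into one record. The output field names, `make_record`, and `SAMPLE_EVENT` are constructed assumptions; forwarding to the security tool is omitted.

```python
import base64
import gzip
import json
import zlib
from datetime import datetime, timezone

def decode_subscription_record(b64_data):
    """Decode one Kinesis record written by a CloudWatch Logs subscription filter."""
    payload = json.loads(gzip.decompress(base64.b64decode(b64_data)))
    # CloudWatch Logs also sends CONTROL_MESSAGE records to check that the
    # destination is reachable; they carry no application logs, so skip them.
    if payload.get("messageType") != "DATA_MESSAGE":
        return []
    events = []
    for ev in payload.get("logEvents", []):
        ts = datetime.fromtimestamp(ev["timestamp"] / 1000, tz=timezone.utc)
        events.append({  # assumed normalized schema, not an AWS-defined one
            "time": ts.isoformat(),
            "account": payload["owner"],  # source account ID
            "log_group": payload["logGroup"], "log_stream": payload["logStream"],
            "event_id": ev["id"],
            "message": ev["message"].rstrip("\n"),
        })
    return events

def handler(event, context=None):
    """Lambda entry point for a Kinesis event source mapping."""
    normalized, malformed = [], 0
    for rec in event.get("Records", []):
        try:
            normalized.extend(decode_subscription_record(rec["kinesis"]["data"]))
        except (ValueError, KeyError, OSError, EOFError, zlib.error):
            malformed += 1  # count bad records instead of failing the batch
    # Sending `normalized` to the security tool is deployment-specific (omitted).
    return {"normalized": normalized, "malformed": malformed}

def make_record(payload):
    """Constructed sample: encode a payload the way the subscription does."""
    blob = gzip.compress(json.dumps(payload).encode())
    return {"kinesis": {"data": base64.b64encode(blob).decode()}}

SAMPLE_EVENT = {"Records": [  # constructed input, not captured data
    make_record({"messageType": "CONTROL_MESSAGE", "logEvents": []}),
    make_record({"messageType": "DATA_MESSAGE", "owner": "111122223333",
                 "logGroup": "/app/web", "logStream": "i-0example",
                 "logEvents": [{"id": "1", "timestamp": 1700000000000,
                                "message": "login failed user=alice\n"}]}),
    {"kinesis": {"data": "AAAA"}},  # valid base64 but not gzip: malformed
]}
```
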
