SAP-C02 · Question #832
SAP-C02 Question #832: Real Exam Question with Answer & Explanation
The correct answer is A: Ingest audit log data from each SaaS application into AWS AppFabric. Convert the audit log data.
Question
A company uses multiple software as a service (SaaS) applications for messaging, email, and file sharing. The SaaS applications are compatible with AWS AppFabric. The company's web application runs in a VPC on an Amazon EKS cluster and uses Amazon S3 to store data. The company wants to detect security incidents across the SaaS applications and the web application that could compromise company data. The company needs a centralized solution that provides a dashboard. The dashboard must show the IP addresses, email addresses, and access frequencies of unique users across its SaaS applications and the web application. Which combination of steps will meet these requirements with LEAST operational overhead? (Choose three.)
Options
- A. Ingest audit log data from each SaaS application into AWS AppFabric. Convert the audit log data
- B. Ingest networking and usage log data from each SaaS application into AWS AppFabric. Convert
- C. Create an Amazon S3 bucket to receive logs in JSON format through Amazon Data Firehose.
- D. Configure the logs associated with AWS CloudTrail management events, AWS CloudTrail data
- E. Configure Amazon Security Lake to send security data from different sources to Amazon
- F. Configure Amazon Security Lake to send security data from different sources to Amazon
Explanation
Ingesting audit log data from each SaaS application into AWS AppFabric and converting the logs into the Open Cybersecurity Schema Framework (OCSF) format ensures that the logs are normalized, making it easier to integrate and process data from different sources. Using Amazon Data Firehose to deliver the logs to Amazon Security Lake in an S3 bucket provides a centralized, scalable storage solution.

Configuring AWS CloudTrail management events, data events for S3, EKS audit logs, and VPC Flow Logs as sources in Amazon Security Lake, and adding AWS AppFabric as a custom source, ensures that all relevant data from AWS services and the SaaS applications is centralized and available for analysis. Security Lake helps aggregate the logs from various sources to create a unified view of the security data.

Using Amazon Security Lake to send security data to Amazon OpenSearch Service allows for fast querying and analysis of security-related data. By configuring OpenSearch Ingestion and using the OpenSearch Service dashboard, you can create a visualization of the security data, including IP addresses, email addresses, and access frequencies, meeting the requirement for a centralized dashboard.
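The following added example (not part of the original page or any AWS code) shows why OCSF normalization matters for the dashboard: once every source uses the same attribute paths, one aggregation yields IP addresses, email addresses, and access frequencies per unique user. The attribute paths are OCSF's; the events, product names, addresses, and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed OCSF-shaped events (not real log data); product names are placeholders.
# The last record has no actor, as a network flow record would not.
SAMPLE_EVENTS = [
    {"class_uid": 3002, "metadata": {"product": {"name": "messaging-saas"}},
     "actor": {"user": {"email_addr": "Alice@Example.com"}},
     "src_endpoint": {"ip": "198.51.100.7"}},
    {"class_uid": 6003, "metadata": {"product": {"name": "file-sharing-saas"}},
     "actor": {"user": {"email_addr": "alice@example.com"}},
     "src_endpoint": {"ip": "203.0.113.20"}},
    {"class_uid": 6003, "metadata": {"product": {"name": "web-app"}},
     "actor": {"user": {"email_addr": "alice@example.com"}},
     "src_endpoint": {"ip": "198.51.100.7"}},
    {"class_uid": 3002, "metadata": {"product": {"name": "email-saas"}},
     "actor": {"user": {"email_addr": "bob@example.com"}},
     "src_endpoint": {"ip": "192.0.2.44"}},
    {"class_uid": 4001, "metadata": {"product": {"name": "vpc-flow"}},
     "src_endpoint": {"ip": "192.0.2.99"}},
]

def dig(event, path):
    """Walk a dotted OCSF attribute path; return None if any level is missing."""
    for key in path.split("."):
        event = event.get(key) if isinstance(event, dict) else None
    return event

def summarize_access(events):
    """Per-user IPs, sources and access count; returns (summary, unattributed_count)."""
    users = defaultdict(lambda: {"ips": set(), "sources": set(), "count": 0})
    unattributed = 0
    for ev in events:
        email = dig(ev, "actor.user.email_addr")
        if not email:
            unattributed += 1  # no identity to attribute to; keep it countable
            continue
        row = users[email.strip().lower()]  # same mailbox, different casing per app
        row["count"] += 1
        ip = dig(ev, "src_endpoint.ip")
        if ip:
            row["ips"].add(ip)
        source = dig(ev, "metadata.product.name")
        if source:
            row["sources"].add(source)
    return dict(users), unattributed

def users_over_ip_threshold(summary, max_ips=1):
    """Users seen from more than max_ips distinct addresses, for analyst review."""
    return sorted(u for u, row in summary.items() if len(row["ips"]) > max_ips)
```

Records without a user identity are counted separately rather than dropped, so the gap between total events and attributed events stays visible on the dashboard.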