
SCS-C02 · Question #172

SCS-C02 Question #172: Real Exam Question with Answer & Explanation

The correct answer is B: Enable Kubernetes API server component logs for each cluster.

Submitted by chen.hong · Mar 6, 2026

Question

A company uses AWS Organizations and has Amazon Elastic Kubernetes Service (Amazon EKS) clusters in many AWS accounts. A security engineer integrates Amazon EKS with AWS CloudTrail. The CloudTrail trails are stored in an Amazon S3 bucket in each account to monitor API calls. The security engineer observes that CloudTrail logs are not displaying Kubernetes pod creation events. What should the security engineer do to view the Kubernetes events from Amazon CloudWatch?

Options

  • A. Configure the EKS clusters to use private S3 VPC endpoints. Configure the S3 buckets for
  • B. Enable Kubernetes API server component logs for each cluster.
  • C. Enable cross-origin resource sharing (CORS) in the S3 bucket that is used for logging.
  • D. Configure CloudWatch. View the events in the CloudWatch console.

Explanation

The security engineer should enable Kubernetes API server component logs for each cluster. This is because the API server component logs contain details about the Kubernetes events such as pod creation, which are not included in the AWS CloudTrail logs. Once these logs are enabled, they can be viewed from Amazon CloudWatch.
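The check behind this answer, applied across many clusters, as an added example that is not part of the original page: it reads the `logging.clusterLogging` block that `aws eks describe-cluster` returns, reports clusters where the `api` log type is not enabled, and builds the `aws eks update-cluster-config` call that enables it. The cluster names and sample data are constructed for illustration.

```python
import json

# Constructed sample: the "cluster" objects returned by `aws eks describe-cluster`,
# one per cluster. The names are made up for this example.
SAMPLE_CLUSTERS = [
    {"name": "payments-prod", "logging": {"clusterLogging": [
        {"types": ["api", "audit"], "enabled": True},
        {"types": ["authenticator", "controllerManager", "scheduler"], "enabled": False}]}},
    {"name": "web-staging", "logging": {"clusterLogging": [
        {"types": ["api", "audit", "authenticator", "controllerManager", "scheduler"],
         "enabled": False}]}},
    {"name": "legacy-batch"},  # no logging block at all: treated as nothing enabled
]


def enabled_log_types(cluster):
    """Return the set of control plane log types currently enabled."""
    enabled = set()
    for entry in cluster.get("logging", {}).get("clusterLogging", []):
        if entry.get("enabled"):
            enabled.update(entry.get("types", []))
    return enabled


def remediation(cluster, required=("api",)):
    """Return None if compliant, else the CLI call that enables what is missing."""
    missing = sorted(set(required) - enabled_log_types(cluster))
    if not missing:
        return None
    payload = {"clusterLogging": [{"types": missing, "enabled": True}]}
    return {
        "cluster": cluster["name"],
        "missing": missing,
        # EKS delivers control plane logs to this CloudWatch Logs group.
        "log_group": f"/aws/eks/{cluster['name']}/cluster",
        "command": "aws eks update-cluster-config --name {} --logging '{}'".format(
            cluster["name"], json.dumps(payload, separators=(",", ":"))),
    }


def audit(clusters, required=("api",)):
    """Return one finding per cluster that lacks a required log type."""
    return [r for r in (remediation(c, required) for c in clusters) if r]


if __name__ == "__main__":
    for finding in audit(SAMPLE_CLUSTERS):
        print(finding["command"], "->", finding["log_group"])
```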
