SCS-C02 · Question #268
SCS-C02 Question #268: Real Exam Question with Answer & Explanation
The correct answer is D: Install Amazon Kinesis Agent on the instances. Important note: The marked answer (D) appears to be incorrect. The correct answer is B - Install the unified Amazon CloudWatch agent. The CloudWatch agent directly satisfies all four requirements: it ships EC2 log files to CloudWatch Logs (an AWS managed service), enables automat
Question
An application running on Amazon EC2 instances generates log files in a folder on a Linux file system. The instances block access to the console and file transfer utilities, such as Secure Copy Protocol (SCP) and Secure File Transfer Protocol (SFTP). The Application Support team wants to automatically monitor the application log files so the team can set up notifications in the future. A Security Engineer must design a solution that meets the following requirements: - Make the log files available through an AWS managed service. - Allow for automatic monitoring of the logs. - Provide an Interlace for analyzing logs. - Minimize effort. Which approach meets these requirements?
Options
- AModify the application to use the AWS SDK Write the application logs lo an Amazon S3 bucket
- BInstall the unified Amazon CloudWatch agent on the instances
- CInstall AWS Systems Manager Agent on the instances
- DInstall Amazon Kinesis Agent on the instances
Explanation
Important note: The marked answer (D) appears to be incorrect. The correct answer is B - Install the unified Amazon CloudWatch agent.
The CloudWatch agent directly satisfies all four requirements: it ships EC2 log files to CloudWatch Logs (an AWS managed service), enables automatic monitoring via CloudWatch Alarms and Metric Filters, provides CloudWatch Logs Insights as an analysis interface, and requires only agent installation - minimal effort.
Why the distractors fail:
- A (SDK + S3): S3 is object storage, not a log-monitoring service. It requires rewriting application code (violates "minimize effort") and lacks native log analysis.
- C (SSM Agent): Systems Manager Agent handles patch management, run commands, and inventory - not log shipping or analysis.
- D (Kinesis Agent): Kinesis streams data for real-time pipelines but is primarily an ingestion layer. Useful analysis requires additional services (e.g., OpenSearch), adding complexity and effort. It does not natively provide a log-analysis interface.
Memory tip: Think "CloudWatch = logs + monitor + analyze" as a complete package. Whenever a question asks for log collection on EC2 with monitoring and analysis capabilities in one AWS-native solution, CloudWatch agent + CloudWatch Logs is the pattern to reach for. Kinesis is for streaming data pipelines, not straightforward log observability.
Topics
Community Discussion
No community discussion yet for this question.