SCS-C02 · Question #422
SCS-C02 Question #422: Real Exam Question with Answer & Explanation
The correct answer is B: Enable AWS CloudTrail to deliver logs to an Amazon S3 bucket. Use Amazon Athena to query. AWS CloudTrail logs all API activity related to AWS services, including Amazon Cognito, and can capture login attempts (both successful and unsuccessful). By enabling CloudTrail, the logs can be delivered to an S3 bucket for storage, and Amazon Athena can be used to query those l
Question
A company uses Amazon Cognito as an OAuth 2.0 identity platform for its web and mobile applications. The company needs to capture successful and unsuccessful login attempts. The company also needs to query the data about the login attempts. Which solution will meet these requirements?
Options
- AConfigure Cognito to send logs of user activity to Amazon CloudWatch. Configure Amazon
- BEnable AWS CloudTrail to deliver logs to an Amazon S3 bucket. Use Amazon Athena to query
- CConfigure AWS CloudTrail to send Cognito CloudTrail events to Amazon CloudWatch for
- DConfigure Amazon CloudWatch metrics to monitor and report Cognito events. Create a
Explanation
AWS CloudTrail logs all API activity related to AWS services, including Amazon Cognito, and can capture login attempts (both successful and unsuccessful). By enabling CloudTrail, the logs can be delivered to an S3 bucket for storage, and Amazon Athena can be used to query those logs. The event name InitiateAuth corresponds to login attempts, and the event source cognito- idp.amazonaws.com refers to the Cognito identity service. This solution allows querying the logs for login attempts while meeting the requirement to capture both successful and unsuccessful
Community Discussion
No community discussion yet for this question.