SCS-C03 · Question #11
SCS-C03 Question #11: Real Exam Question with Answer & Explanation
The correct answer is A: Create a CloudTrail Lake data store. Implement CloudTrail Lake dashboards to visualize and. AWS CloudTrail Lake is purpose-built to store, query, and analyze CloudTrail events, including data events, without requiring additional infrastructure. The AWS Certified Security - Specialty documentation explains that CloudTrail Lake provides immutable event storage with config
Question
A company must capture AWS CloudTrail data events and must retain the logs for 7 years. The logs must be immutable and must be available to be searched by complex queries. The company also needs to visualize the data from the logs. Which solution will meet these requirements MOST cost-effectively?
Options
- ACreate a CloudTrail Lake data store. Implement CloudTrail Lake dashboards to visualize and
- BUse the CloudTrail Event History feature in the AWS Management Console. Visualize and query
- CSend the CloudTrail logs to an Amazon S3 bucket. Provision a persistent Amazon EMR cluster
- DSend the CloudTrail logs to a log group in Amazon CloudWatch Logs. Set the CloudWatch Logs
Explanation
AWS CloudTrail Lake is purpose-built to store, query, and analyze CloudTrail events, including data events, without requiring additional infrastructure. The AWS Certified Security - Specialty documentation explains that CloudTrail Lake provides immutable event storage with configurable retention periods, including multi-year retention, which satisfies long-term compliance requirements such as 7-year retention. Events are stored in an append-only, immutable format managed by AWS, reducing operational complexity. CloudTrail Lake supports SQL-based queries for complex analysis directly against the event data, eliminating the need to export logs to other services for querying. Additionally, CloudTrail Lake includes built-in dashboards and integrations that enable visualization of event trends and patterns without standing up separate analytics or visualization platforms. Option B is invalid because CloudTrail Event History only retains events for up to 90 days and does not support long-term retention or advanced querying. Option C introduces high operational overhead and cost by requiring persistent Amazon EMR clusters and additional services. Option D incurs ongoing ingestion, indexing, and storage costs for OpenSearch Service over a 7-year period, making it less cost-effective than CloudTrail Lake. AWS documentation positions CloudTrail Lake as the most cost-effective and operationally efficient solution for long-term, queryable CloudTrail event storage and visualization.
Community Discussion
No community discussion yet for this question.