SCS-C03 Question #35: Real Exam Question with Answer & Explanation
The correct answer is A: Analyze the logs by using Amazon OpenSearch Service. Search the logs from the OpenSearch.
Question
A company is planning to deploy a new log analysis environment. The company needs to analyze logs from multiple AWS services in near real time. The solution must provide the ability to search the logs and must send alerts to an existing Amazon Simple Notification Service (Amazon SNS) topic when specific logs match detection rules. Which solution will meet these requirements?
Options
- A. Analyze the logs by using Amazon OpenSearch Service. Search the logs from the OpenSearch
- B. Analyze the logs by using AWS Security Hub. Search the logs from the Findings page in Security
- C. Analyze the logs by using Amazon CloudWatch Logs. Use a subscription filter to match logs with
- D. Analyze the logs by using Amazon QuickSight. Search the logs by listing the query results in a
Explanation
Amazon OpenSearch Service is designed for near real-time log ingestion, indexing, and search across large volumes of data. According to the AWS Certified Security - Specialty Study Guide, OpenSearch supports advanced log analytics use cases and integrates with OpenSearch Security Analytics, which provides prebuilt and custom detection rules. Security Analytics can continuously evaluate incoming logs from multiple AWS services and generate alerts when detection rules are matched. These alerts can be forwarded to Amazon SNS with minimal configuration. OpenSearch also provides powerful search and query capabilities through APIs and dashboards. Option C supports detection but lacks advanced correlation and scalable search capabilities. Option B is not a log analytics service. Option D is a visualization service and does not support real-time detection. AWS guidance recommends OpenSearch Service for centralized, near real-time log analysis and