New Year Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

An Amazon EC2 Auto Scaling group launches Amazon Linux EC2 instances and installs the Amazon...

Amazon Web Services SCS-C02 Full Course Access
Amazon Web Services SCS-C02 View All Questions

An Amazon EC2 Auto Scaling group launches Amazon Linux EC2 instances and installs the Amazon CloudWatch agent to publish logs to Amazon CloudWatch Logs. The EC2 instances launch with an IAM role that has an IAM policy attached. The policy provides access to publish custom metrics to CloudWatch. The EC2 instances run in a private subnet inside a VPC. The VPC provides ^ccess to the internet for private subnets through a NAT gateway.

A security engineer notices that no logs are being published to CloudWatch Logs for the EC2 instances that the Auto Scaling group launches. The security engineer validates that the CloudWatch Logs agent is running and is configured properly on the EC2 instances. In addition, the security engineer validates that network communications are working properly to AWS services.

What can the security engineer do to ensure that the logs are published to CloudWatch Logs?

A.

Configure the IAM policy in use by the IAM role to have access to the required cloudwatch: API actions thatwill publish logs.

B.

Adjust the Amazon EC2 Auto Scaling service-linked role to have permissions to write to CloudWatch Logs.

C.

Configure the IAM policy in use by the IAM role to have access to the required AWS logs: API actions that willpublish logs.

D.

Add an interface VPC endpoint to provide a route to CloudWatch Logs.

SCS-C02 PDF/Engine
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions
buy now SCS-C02 pdf
Get 65% Discount on All Products, Use Coupon: "ac4s65"
Next
Your company uses IAM to host its resources.
A company deploys a set of standard IAM roles in AWS accounts.
Previous