Which solution will meet these requirements?

By:
On:
In: DOP-C02
Tagged:
With: 0 Comments
A company’s video streaming platform usage has increased from 10,000 users each day to 50,000 users each day in multiple countries.The company deploys the streaming platform on Amazon Elastic Kubernetes Service (Amazon EKS).The EKS workload scales up to thousands of nodes during peak viewing time.The company’s users report occurrences of unauthorized logins.Users also report sudden interruptions and logouts from the platform.The company wants additional security measures for the entire platform.The company also needs a summarized view of the resource behaviors and interactions across the company’s entire AWS environment.The summarized view must show login attempts, API calls, and network traffic.The solution must permit network traffic analysis while minimizing the overhead of managing logs.The solution must also quickly investigate any potential malicious behavior that is associated with the EKS workload.

Which solution will meet these requirements?

Enable Amazon GuardDuty for EKS Audit Log Monitoring. Enable AWS CloudTrail logs. Store the EKS audit logs and CloudTrail log files in an Amazon S3 bucket. Use Amazon Athena to create an external table. Use Amazon QuickSight to create a dashboard.

Enable Amazon GuardDuty for EKS Audit Log Monitoring. Enable Amazon Detective in the company’s AWS account. Enable EKS audit logs from optional source packages in Detective.

Enable Amazon CloudWatch Container Insights. Enable AWS CloudTrail logs. Store the EKS audit logs and CloudTrail log files in an Amazon S3 bucket. Use Amazon Athena to create an external table. Use Amazon QuickSight to create a dashboard.

Enable Amazon GuardDuty for EKS Audit Log Monitoring. Enable Amazon CloudWatch Container Insights and VPC Flow Logs. Enable AWS CloudTrail logs.

Explanations:

While enabling GuardDuty and CloudTrail provides monitoring and logging capabilities, it lacks direct network traffic analysis and efficient investigation of malicious behavior. Storing logs in S3 and using Athena and QuickSight adds complexity and does not minimize log management overhead.

This option enables GuardDuty for EKS audit log monitoring, which enhances security by detecting suspicious activity. Amazon Detective allows for in-depth analysis and investigation of potential malicious behavior, linking the data to provide insights across AWS services. This meets the requirements for security measures and resource behavior analysis.

Enabling CloudWatch Container Insights and storing logs in S3 with Athena for analysis may provide insights but does not specifically address security monitoring like GuardDuty or Detective. It also does not offer efficient investigation tools for potential threats, making it less suitable for the requirements.

Although this option includes GuardDuty for EKS Audit Log Monitoring and CloudWatch Container Insights, it lacks the deeper investigation capabilities provided by Amazon Detective. VPC Flow Logs help with network traffic monitoring but do not offer a summarized view of behaviors across the AWS environment as required.

Leave a Reply

Your email address will not be published. Required fields are marked *

15 − 4 =