What should a database specialist do to remediate this issue?

By:
On:
In: DBS-C01
Tagged:
With: 0 Comments
A company has an Amazon Redshift cluster with database audit logging enabled.A security audit shows that raw SQL statements that run against the Redshift cluster are being logged to an Amazon S3 bucket.The security team requires that authentication logs are generated for use in an intrusion detection system (IDS), but the security team does not require SQL queries.

What should a database specialist do to remediate this issue?

Set the use_fips_ssl parameter to true in the database parameter group.

Turn off the query monitoring rule in the Redshift cluster’s workload management (WLM).

Set the enable_user_activity_logging parameter to false in the database parameter group.

Disable audit logging on the Redshift cluster.

Explanations:

Theuse_fips_sslparameter enables FIPS-compliant encryption for SSL connections but does not impact the logging of SQL queries or authentication logs.

The query monitoring rule controls query performance and resource allocation, but it does not address logging of SQL queries or authentication data.

Setting theenable_user_activity_loggingparameter to false will stop logging user activity, including SQL queries, while still enabling audit logs for authentication, which is required by the security team.

Disabling audit logging completely would prevent any logging, including authentication logs, which is not aligned with the security team’s requirement to track authentication logs.

Leave a Reply

Your email address will not be published. Required fields are marked *

five − 3 =