Which solution will meet these requirements?
Enable EC2 detailed monitoring, and include network logs. Send all logs through Amazon Kinesis Data Firehose to an Amazon Elasticsearch Service (Amazon ES) cluster that the security team uses for analysis.
Enable VPC Flow Logs for all EC2 instance network interfaces. Publish VPC Flow Logs to an Amazon S3 bucket. Have the security team use Amazon Athena to query and analyze the logs.
Enable access logs for the Application Load Balancer, and publish the logs to an Amazon S3 bucket. Have the security team use Amazon Athena to query and analyze the logs.
Enable Traffic Mirroring and specify all EC2 instance network interfaces as the source. Send all traffic information through Amazon Kinesis Data Firehose to an Amazon Elasticsearch Service (Amazon ES) cluster that the security team uses for analysis.
Explanations:
Enabling EC2 detailed monitoring and including network logs does not capture detailed application access attempts, such as client IP address and user agent. While Kinesis Data Firehose can help process logs, this option does not specifically address the requirement for analyzing application access attempts.
VPC Flow Logs capture network traffic information but do not include application-level details such as user agent and client IP address related to application requests. This option does not meet the requirement for analyzing application access attempts in detail.
Enabling access logs for the Application Load Balancer captures details about client requests, including client IP address, user agent, and connection information. Storing these logs in an S3 bucket allows the security team to use Amazon Athena to query and analyze the logs effectively, thus meeting all specified requirements.
Traffic Mirroring captures all network traffic at the packet level, which could be excessive and not focused on application access attempts. Additionally, this method does not specifically provide the structured access information required for analysis (like user agent or connection type) and may complicate log analysis.
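To make the Application Load Balancer explanation above concrete, here is an added example (not part of the original question or of any AWS tooling) that parses access log entries and counts denied requests per client IP address, user agent and connection type. The sample entries, load balancer name and helper names are constructed for illustration, and only the leading fields through `ssl_protocol` are parsed.

```python
import re
from collections import Counter

# Leading fields of an ALB access log entry, in the order AWS documents them.
FIELDS = [
    "type", "time", "elb", "client", "target",
    "request_processing_time", "target_processing_time",
    "response_processing_time", "elb_status_code", "target_status_code",
    "received_bytes", "sent_bytes", "request", "user_agent",
    "ssl_cipher", "ssl_protocol",
]
TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # a quoted field or a bare token

def parse_alb_line(line):
    """Split one entry into named fields; quoted fields may contain spaces."""
    tokens = [m.group(1) if m.group(1) is not None else m.group(2)
              for m in TOKEN.finditer(line)]
    if len(tokens) < len(FIELDS):
        raise ValueError("truncated ALB access log entry")
    rec = dict(zip(FIELDS, tokens))
    rec["client_ip"] = rec["client"].rpartition(":")[0]  # drop the source port
    return rec

def denied_attempts(lines):
    """Count 401/403 responses per (client IP, user agent, connection type)."""
    hits = Counter()
    for line in lines:
        try:
            rec = parse_alb_line(line)
        except ValueError:
            continue  # skip malformed entries instead of aborting the analysis
        if rec["elb_status_code"] in ("401", "403"):
            hits[(rec["client_ip"], rec["user_agent"], rec["type"])] += 1
    return hits

# Constructed sample entries: documentation IP ranges, hypothetical load
# balancer name, fields after ssl_protocol omitted.
LB, TLS = "app/example-alb/0123456789abcdef", "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2"
def _entry(kind, client, status, request, agent):
    return (f'{kind} 2024-01-01T12:00:00.000000Z {LB} {client} 10.0.0.12:80 '
            f'0.001 0.004 0.000 {status} {status} 210 320 "{request}" "{agent}" {TLS}')

SAMPLE = [
    _entry("https", "203.0.113.7:46532", 401, "POST https://app.example.com:443/login HTTP/1.1", "curl/8.4.0"),
    _entry("https", "203.0.113.7:46533", 401, "POST https://app.example.com:443/login HTTP/1.1", "curl/8.4.0"),
    _entry("https", "198.51.100.20:51234", 200, "GET https://app.example.com:443/ HTTP/1.1", "Mozilla/5.0 (X11; Linux x86_64)"),
    _entry("h2", "192.0.2.44:40000", 403, "GET https://app.example.com:443/admin HTTP/2.0", "python-requests/2.31.0"),
    "not an access log entry",
]
```

Calling `denied_attempts(SAMPLE)` returns a `Counter` whose `most_common()` ordering puts the noisiest client and user agent pair first.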