AWS DevOps Engineer Professional DOP-C01 – Question150

A company mandates the creation of capture logs for everything running in its AWS account. The account has multiple VPCs with Amazon EC2 instances, Application Load Balancers, Amazon RDS MySQL databases, and AWS WAF rules configured. The logs must be protected from deletion. A daily visual analysis of log anomalies from the previous day is required.
Which combination of actions should a DevOps Engineer take to accomplish this? (Choose three.)

A.
Configure an AWS Lambda function to send all CloudWatch logs to an Amazon S3 bucket. Create a dashboard report in Amazon QuickSight.
B. Configure AWS CloudTrail to send all logs to Amazon Inspector. Create a dashboard report in Amazon QuickSight.
C. Configure Amazon S3 MFA Delete on the logging Amazon S3 bucket.
D. Configure an Amazon S3 object lock legal hold on the logging Amazon S3 bucket.
E. Configure AWS Artifact to send all logs to the logging Amazon S3 bucket. Create a dashboard report in Amazon QuickSight.
F. Deploy an Amazon CloudWatch agent to all Amazon EC2 instances.

Correct Answer: CEF