A company’s Information Security team wants to analyze Amazon EC2 performance and utilization data in near-real time for anomalies. A Security Engineer is responsible for log aggregation. The Engineer must collect logs from all of the company’s AWS accounts in a centralized location to perform the analysis.
How should the Security Engineer do this?
A. Log in to each account four times a day and filter the AWS CloudTrail log data, then copy and paste the logs in to the Amazon S3 bucket in the destination account.
B. Set up Amazon CloudWatch to stream data to an Amazon S3 bucket in each source account. Set up bucket replication for each source account into a centralized bucket owned by the Security Engineer.
C. Set up an AWS Config aggregator to collect AWS configuration data from multiple sources.
D. Set up Amazon CloudWatch cross-account log data sharing with subscriptions in each account. Send the logs to Amazon Kinesis Data Firehose in the Security Engineer’s account.
How should the Security Engineer do this?
A. Log in to each account four times a day and filter the AWS CloudTrail log data, then copy and paste the logs in to the Amazon S3 bucket in the destination account.
B. Set up Amazon CloudWatch to stream data to an Amazon S3 bucket in each source account. Set up bucket replication for each source account into a centralized bucket owned by the Security Engineer.
C. Set up an AWS Config aggregator to collect AWS configuration data from multiple sources.
D. Set up Amazon CloudWatch cross-account log data sharing with subscriptions in each account. Send the logs to Amazon Kinesis Data Firehose in the Security Engineer’s account.