CIS 195 Module 6 Knowledge Check
Define your requirements for logs, alerts, and metrics.
What is the first step to use the detective controls that AWS provides? Determine what AWS-provided detective services will cost. Configure service and application logging. Centrally analyze logs. Define your requirements for logs, alerts, and metrics.
Amazon EventBridge
Which AWS logging and monitoring service is a serverless event bus service that can connect your applications with data from a variety of sources? Amazon EventBridge; AWS Config; AWS Trusted Advisor; AWS Security Hub
AWS Trusted Advisor
Which AWS service evaluates your account by using checks that identify ways to optimize your AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas? Amazon EventBridge; AWS Config; AWS Trusted Advisor; AWS Security Hub
Time of the origin of the request in your local time
Which information does AWS CloudTrail NOT capture? Originating location of the request; Time of the origin of the request in your local time; Name of the API called; Time of the API call
CloudTrail can be integrated into applications by using the API.
Which statement about AWS CloudTrail is true? CloudTrail can be integrated into applications by using the API. CloudTrail records actions taken by a user, role, or AWS service as trails. CloudTrail does not record actions taken in the AWS Management Console. CloudTrail helps you enable governance and manage compliance by disabling operational and risk auditing of your AWS account.
Monitoring is a continuous process.
Which statement about AWS monitoring is true? Amazon CloudWatch provides the ability to record who is doing what and when they are doing it. Monitoring is a continuous process. AWS CloudTrail provides the ability to monitor your resources and applications in real time. Amazon CloudWatch is the sole provider of monitoring capabilities.
CloudWatch can be used to detect anomalous behavior and invoke other services to take further action.
Which statement about Amazon CloudWatch is true? CloudWatch can only be used to collect metrics in the AWS Cloud environment. CloudWatch can be used to detect anomalous behavior and invoke other services to take further action. CloudWatch is used to create data silos to protect against system-wide visibility and issue resolution. CloudWatch continually scans AWS workloads for software vulnerabilities and unintended network exposure.
Log files can be used to demonstrate compliance with regulations.
Which statement about logging and log files is true? Log files can be used to demonstrate compliance with regulations. Log files are a violation of the European Union General Data Protection Regulation (GDPR). Log files should not be used for auditing due to their unreliable nature. Log files are a requirement for incident response and remediation.
AWS Trusted Advisor logs
A web application uses a fleet of Amazon EC2 instances for both dynamic and static assets. The EC2 instances are in a private subnet, behind a load balancer that is in a public subnet inside the VPC. Which service logs would provide the MOST insight into how users are using the web application? AWS Trusted Advisor logs; Amazon S3 access logs; Elastic Load Balancing (ELB) access logs; Amazon VPC flow logs
Is useful to detect anomalous behavior, set alarms, and discover insights
AWS CloudTrail and Amazon CloudWatch serve specific functions. Which function is indicative of CloudWatch? Is useful for compliance auditing, security analysis, and troubleshooting; Helps you determine who performed an unauthorized action; Continuously monitors user activities; Is useful to detect anomalous behavior, set alarms, and discover insights