You have set up a web server with an Auto-scaling group & Application Load Balancer in the front end.
As a part of the Security requirement, you need to capture all traffic flowing between the client & web server.
You are planning to enable Access logs on Application Load Balancer.
But you are uncertain about the traffic captured by enabling this log.
Which of the following is true concerning Access logs entries for Application Load Balancer?
Correct Answer: A.
Application Load Balancer access logs record all requests sent to the load balancer, including requests that are not forwarded to targets, but not the health check requests that the ALB periodically sends to the target group.
Option B is incorrect because, when access logs are enabled for an Application Load Balancer, they capture WSS (WebSocket over SSL/TLS) traffic between the client and the target server.
Option C is incorrect as any malformed requests from clients are captured in Access logs but are not forwarded to the target group.
Option D is incorrect because, if no healthy targets remain, the Application Load Balancer still captures those requests in the access logs but never forwards them to a target.
For more information on access logs for Application Load Balancer, refer to the following URL:
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html
Access logs on the Application Load Balancer capture detailed information about all requests and responses processed by the load balancer. This includes information about the client, the target group, and the backend instance that processed the request. The log entries provide valuable insights into the traffic patterns, usage statistics, and security events that occur on the system.
Regarding the given question, the true statement concerning Access logs entries for Application Load Balancer is:
A. It does not log health check requests from Application Load Balancer to the target group.
This means that the Access logs on the Application Load Balancer do not record the health check requests that are sent from the load balancer to the backend instances. These health check requests are used to determine the health status of the instances and to route traffic accordingly. The reason for not logging these requests is to prevent the log files from being cluttered with redundant information that is not relevant for analysis.
Regarding the other options:
B. It does not log WSS (web socket over SSL/TLS) traffic between client and target group. This statement is not correct. Access logs on the Application Load Balancer record all traffic that flows through the load balancer, including WSS traffic. WSS is a secure protocol that uses SSL/TLS encryption to protect the traffic, and the load balancer can decrypt the traffic to log it.
C. It does not capture malformed requests from clients to the target server. This statement is not correct. Access logs on the Application Load Balancer capture all requests that are processed by the load balancer, including malformed requests. Malformed requests are requests that do not conform to the HTTP protocol specification, and they can indicate a security vulnerability or a misconfigured client application.
D. It does not log traffic when there are no healthy targets remaining to respond to client requests. This statement is not correct. Access logs on the Application Load Balancer capture all requests that are processed by the load balancer, regardless of whether there are healthy targets available to respond to them. In fact, this information can be useful to detect and troubleshoot issues with the backend instances or the target group configuration.
In summary, the correct answer to the given question is A. It does not log health check requests from Application Load Balancer to the target group.
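The cases in options B, C and D can be told apart from the fields of each log entry. The following Python sketch is an added example, not part of the original answer: the sample entries are constructed and truncated after the `user_agent` field, the label names are hypothetical, and it assumes instance or IP targets (a `-` target is also logged for Lambda targets and AWS WAF blocks).

```python
import shlex
from collections import Counter

# Leading fields of an ALB access log entry, in documented order.
FIELDS = ["type", "time", "elb", "client", "target", "request_processing_time",
          "target_processing_time", "response_processing_time", "elb_status_code",
          "target_status_code", "received_bytes", "sent_bytes", "request", "user_agent"]

# Constructed sample entries (not real traffic). No health check appears here
# because the ALB never writes its own health checks to the access log.
SAMPLE = '''\
https 2024-01-01T10:00:00.000000Z app/my-alb/0123456789abcdef 203.0.113.10:50000 10.0.1.5:80 0.001 0.010 0.000 200 200 120 512 "GET https://www.example.com:443/ HTTP/1.1" "curl/8.0"
wss 2024-01-01T10:00:05.000000Z app/my-alb/0123456789abcdef 203.0.113.11:50001 10.0.1.6:80 0.001 0.020 0.000 101 101 218 786 "GET https://www.example.com:443/chat HTTP/1.1" "Mozilla/5.0"
https 2024-01-01T10:00:09.000000Z app/my-alb/0123456789abcdef 203.0.113.12:50002 - -1 -1 -1 400 - 0 272 "- https://www.example.com:443- -" "-"
https 2024-01-01T10:00:12.000000Z app/my-alb/0123456789abcdef 203.0.113.13:50003 - -1 -1 -1 503 - 95 337 "GET https://www.example.com:443/ HTTP/1.1" "curl/8.0"
'''

def parse(line):
    """Split one entry, keeping quoted fields whole, into the named leading fields."""
    return dict(zip(FIELDS, shlex.split(line)))

def classify(entry):
    """Label an entry by whether the ALB dispatched it to a target."""
    if entry["target"] != "-":
        return "forwarded"
    if entry["elb_status_code"] == "400":
        return "bad_request_400"      # e.g. malformed request, answered by the ALB
    if entry["elb_status_code"] == "503":
        return "unavailable_503"      # no target served the request
    return "not_forwarded_other"

def summarize(text):
    """Count entries per (connection type, classification)."""
    entries = [parse(l) for l in text.splitlines() if l.strip()]
    return Counter((e["type"], classify(e)) for e in entries)

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(key, count)
```

Entries with a `-` target are the ones a reviewer would otherwise miss if they only inspected web server logs, since those requests never reach the instances.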