AWS Certified Advanced Networking - Specialty Exam: Fulfilling PCI Compliance and Monitoring Web Application Logs | Best Services

Deploying a Critical Application on AWS: Fulfilling PCI Compliance and Monitoring Web Application Logs


Question

You are responsible for deploying a critical application onto AWS.

Part of the requirements for this application is to ensure that the controls set for this application meet PCI compliance.

There is also a need to monitor web application logs to identify any malicious activity.

Which of the following services can be used to fulfil this requirement?

Choose 2 answers from the options given below.

Answers

Explanations


Answer - A and D.

The AWS Documentation mentions the following about these services.

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.

With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.

CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.

This event history simplifies security analysis, resource change tracking, and troubleshooting.

For more information on CloudTrail, please refer to the URL below:

https://aws.amazon.com/cloudtrail/

You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Amazon Route 53, and other sources.

You can then retrieve the associated log data from CloudWatch Logs.

For more information on CloudWatch Logs, please refer to the URL below:

http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html

To meet the requirement of PCI compliance and monitor web application logs for identifying malicious activity, the following AWS services can be used:

A. Amazon CloudWatch Logs: It is a monitoring and logging service that allows you to monitor, store, and access your log files from AWS resources and your applications. With CloudWatch Logs, you can monitor your logs in real time, set up alerts, and troubleshoot issues quickly. You can use it to collect web application logs and analyze them to identify any security issues.

B. Amazon VPC Flow Logs: It is a feature that captures information about the IP traffic going to and from network interfaces in your VPC. VPC Flow Logs can help you troubleshoot connectivity issues, monitor the traffic going in and out of your VPC, and identify potential security threats. With VPC Flow Logs, you can capture information about the source and destination IP addresses, ports, and protocols, and the number of packets and bytes transferred.

C. Amazon AWS Config: It is a fully managed service that provides you with a detailed inventory of your AWS resources, their current configurations, and their relationships to one another. AWS Config also monitors and records changes to your resources over time, which can help you track and troubleshoot issues. You can use AWS Config to ensure that your resources are configured in compliance with the PCI requirements.

D. Amazon CloudTrail: It is a service that records API calls made in your AWS account and delivers log files to an S3 bucket for storage and analysis. CloudTrail can help you monitor and troubleshoot your AWS resources, ensure compliance, and detect security incidents. You can use CloudTrail to monitor activity related to your web application, such as changes to security groups, VPC configurations, or access policies.

Therefore, the correct answers are A (Amazon CloudWatch Logs) and B (Amazon VPC Flow Logs) as they are the most suitable services for monitoring web application logs and identifying malicious activity. However, AWS Config and CloudTrail can also be used for compliance and security monitoring purposes.
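The explanations for options A and D describe two kinds of log data a defender would inspect: web application access logs shipped to CloudWatch Logs, and CloudTrail records of API activity such as security group or access policy changes. The following example is added here and is not part of the exam page or of any AWS documentation; it shows, in plain Python with no AWS dependency, the kind of detection logic that a CloudWatch Logs metric filter or a log-processing Lambda would apply. The access log lines and the CloudTrail records are constructed sample data (RFC 5737 documentation addresses, a fictitious account ID), and the thresholds in `flag_web_log_sources` are assumptions chosen for illustration.

```python
"""Two small log-analysis detections over constructed sample data (added
example, not from the exam page or AWS). Both functions are pure so they
can be unit-tested and dropped into a log-processing pipeline."""
import json
import re
from collections import Counter

# --- Part 1: web application access logs (what CloudWatch Logs would hold) ---

# Constructed access log lines in the common "combined"-style format.
# 203.0.113.7 browses normally; 198.51.100.23 mostly receives 4xx responses.
SAMPLE_WEB_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /cart HTTP/1.1" 200 512
198.51.100.23 - - [10/Oct/2023:13:55:38 +0000] "GET /admin HTTP/1.1" 403 120
198.51.100.23 - - [10/Oct/2023:13:55:38 +0000] "GET /old-login HTTP/1.1" 404 120
198.51.100.23 - - [10/Oct/2023:13:55:39 +0000] "GET /export?id=x HTTP/1.1" 400 120
198.51.100.23 - - [10/Oct/2023:13:55:39 +0000] "GET /backup.zip HTTP/1.1" 404 120
198.51.100.23 - - [10/Oct/2023:13:55:40 +0000] "GET /checkout HTTP/1.1" 200 900
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def flag_web_log_sources(log_text, min_requests=4, error_ratio=0.5):
    """Return source IPs whose share of 4xx responses is suspiciously high.

    A client that mostly receives 403/404/400 responses is probing for
    resources rather than using the application. Thresholds are assumed
    values for illustration; tune them to the application's real traffic.
    Lines that do not parse are skipped rather than aborting the run.
    """
    totals, errors = Counter(), Counter()
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        ip = match["ip"]
        totals[ip] += 1
        if 400 <= int(match["status"]) < 500:
            errors[ip] += 1
    return sorted(
        ip for ip in totals
        if totals[ip] >= min_requests and errors[ip] / totals[ip] >= error_ratio
    )


# --- Part 2: CloudTrail records (API activity on the account) ---

# Constructed records following the shape of a CloudTrail log file
# ("Records" array; nested requestParameters for EC2 calls).
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/deployer"},
     "requestParameters": {"groupId": "sg-0example", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/deployer"},
     "requestParameters": {}},
    {"eventSource": "iam.amazonaws.com", "eventName": "PutUserPolicy",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/deployer"},
     "requestParameters": {"userName": "app-user", "policyName": "inline-admin"}},
]})

# IAM API calls that change who can access what; each deserves a review.
POLICY_CHANGE_EVENTS = {
    "PutUserPolicy", "PutRolePolicy", "PutGroupPolicy",
    "AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy",
    "CreatePolicyVersion",
}


def flag_cloudtrail_events(trail_json):
    """Return (eventName, caller ARN, detail) tuples for risky API calls.

    Flags security group rules opened to 0.0.0.0/0 and IAM policy changes,
    the two categories of change the CloudTrail explanation above names.
    """
    findings = []
    for rec in json.loads(trail_json).get("Records", []):
        name = rec.get("eventName", "")
        caller = rec.get("userIdentity", {}).get("arn", "unknown")
        params = rec.get("requestParameters") or {}
        if name == "AuthorizeSecurityGroupIngress":
            for perm in params.get("ipPermissions", {}).get("items", []):
                for rng in perm.get("ipRanges", {}).get("items", []):
                    if rng.get("cidrIp") == "0.0.0.0/0":
                        detail = f"port {perm.get('fromPort')} opened to 0.0.0.0/0"
                        findings.append((name, caller, detail))
        elif name in POLICY_CHANGE_EVENTS:
            findings.append((name, caller, "IAM access policy changed"))
    return findings


if __name__ == "__main__":
    print("suspicious web clients:", flag_web_log_sources(SAMPLE_WEB_LOG))
    for finding in flag_cloudtrail_events(SAMPLE_CLOUDTRAIL):
        print("cloudtrail finding:", finding)
```

In a real deployment the first function corresponds to a CloudWatch Logs metric filter plus an alarm on the resulting metric, and the second to processing CloudTrail files delivered to S3 (or CloudTrail events forwarded to CloudWatch Logs); keeping the detection logic in pure functions, as here, is what lets both be tested against recorded samples before they are wired to live log streams.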