Your company's security team starts to configure firewall rules in AWS WAF to filter and monitor the HTTP(S) requests.
You need to monitor the web ACLs and rules using Amazon CloudWatch.
The CloudWatch metrics to be monitored include AllowedRequests, BlockedRequests and PassedRequests.
In terms of these CloudWatch metrics, which of the following statements is true?
A. B. C. D.
Correct Answer: C.
Option A is incorrect because the CloudWatch console limits the search of metrics to 2 weeks.
Option B is incorrect because the CloudWatch metrics do not include the request details.
Users need to enable AWS WAF logs for full and detailed information.
Option C is CORRECT because the WAF CloudWatch metrics are emitted in near real-time.
This is stated in the following reference.
Option D is incorrect because these CloudWatch WAF metrics do not have a five-minute delay.
References:
https://d1.awsstatic.com/whitepapers/guidelines-implementing-aws-waf.pdf
https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html
The correct answer to this question is C. These CloudWatch metrics are delivered in near real-time.
Explanation: Amazon CloudWatch is a monitoring service for AWS resources and the applications that run on AWS. It can be used to collect and track metrics, collect and monitor log files, and set alarms. In the context of AWS WAF, CloudWatch can be used to monitor web ACLs and rules.
There are three CloudWatch metrics for AWS WAF that are relevant to this question: AllowedRequests, BlockedRequests, and PassedRequests. These metrics indicate the number of HTTP(S) requests that were allowed, blocked, and passed through the WAF rules, respectively.
Option A, "These CloudWatch metrics are kept for 7 days in the console," is incorrect. By default, CloudWatch metrics are stored for 15 months. However, you can also use CloudWatch Logs to store logs indefinitely.
Option B, "These CloudWatch metrics contain the details of the processed requests," is incorrect. CloudWatch metrics provide aggregated data, such as the count or sum of a particular metric over a given time period. They do not contain detailed information about individual requests.
Option D, "These CloudWatch WAF metrics are delivered with a five-minutes delay," is also incorrect. CloudWatch metrics are delivered in near real-time, typically within a few minutes of the data being generated.
Therefore, the correct answer is C, "These CloudWatch metrics are delivered in near real-time."