Question 9
Domain 2: Security Logging and MonitoringA security engineer is comparing logging features across several AWS services for a new monitoring design. Which set of attributes should the engineer evaluate to determine the services' logging capabilities?
Correct answer: B
Explanation
When assessing logging capabilities, focus on the characteristics of the logs themselves, including log levels, log type, and verbosity. — AWS-Certified-Security-Specialty_Exam-Guide.txt
Why each option is right or wrong
A. Retention period, storage class, and replication status
Logging capabilities are described by log levels, type, and verbosity.
B. Log levels, log type, and verbosity settings
The source material for attributes of logging capabilities explicitly identifies log levels, type, and verbosity. In this comparison of AWS service logging features, those three attributes are the relevant criteria to evaluate.
C. Encryption method, key rotation, and access latency
Logging capabilities are described by log levels, type, and verbosity.
D. Instance size, network throughput, and regional availability
Logging capabilities are described by log levels, type, and verbosity.