During a manual review of system logs from an Amazon Linux EC2 instance, a Security Engineer noticed that there are sudo commands that were never properly alerted or reported on the Amazon CloudWatch Logs agent. Why were there no alerts on the sudo commands?
A) There is a security group blocking outbound port 80 traffic that is preventing the agent from sending the logs.
B) The IAM instance profile on the EC2 instance was not properly configured to allow the CloudWatch Logs agent to push the logs to CloudWatch.
C) CloudWatch Logs status is set to ON versus SECURE, which prevents if from pulling in OS security event logs.
D) The VPC requires that all traffic go through a proxy, and the CloudWatch Logs agent does not support a proxy configuration.
Correct Answer:
Verified
Q216: A company is collecting AWS CloudTrail log
Q217: The Development team receives an error message
Q218: A company has a web-based application using
Q219: A company is configuring three Amazon EC2
Q220: A company needs to migrate several applications
Q222: An application running on Amazon EC2 instances
Q223: A company requires that SSH commands used
Q224: A large company wants its Compliance team
Q225: A large corporation is creating a multi-account
Q226: A company needs a forensic-logging solution for
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents