Amazon Web Services SAA-C03 Exam With Confidence Using Practice Dumps

This solution is the most cost-effective and scalable for analyzing large amounts of web traffic logs.

Amazon S3: Storing the logs in Amazon S3 is highly scalable, durable, and cost-effective. S3 is designed to handle large-scale data storage, which is ideal for storing tens of gigabytes of log data generated daily by multiple websites.

Amazon Athena: Athena is a serverless, interactive query service that allows you to analyze data in S3 using standard SQL. It works directly with the data stored in S3, so there’s no need to load the data into a database, which saves on costs and reduces complexity. Athena charges based on the amount of data scanned by queries, making it a cost-effective solution for on-demand analysis that only occurs once a week.

Why Not Other Options?:

Option B (Amazon RDS): Storing logs in a relational database like Amazon RDS would be more expensive due to the storage and I/O costs associated with RDS. Additionally, it would require more management overhead.

Option C (Amazon OpenSearch Service): OpenSearch is a good option for full-text search and analytics on log data, but it might be more costly and complex to manage compared to the simplicity and cost-effectiveness of Athena for periodic SQL-based queries.

Option D (Amazon EMR): While EMR can handle large-scale data processing, it involves more operational overhead and might be overkill for the type of ad-hoc, SQL-based analysis required here. Additionally, EMR costs can be higher due to the need to maintain a cluster.

AWS References:

Amazon S3- Information on how to store and manage data in Amazon S3.

Amazon Athena- Documentation on using Amazon Athena for querying data stored in S3 using SQL.

AWS provides EBS Block Public Access at the AWS Organizations level, which, when enabled, prevents EBS snapshots from being shared publicly across all member accounts. This is an organization-wide control that requires minimal configuration and no ongoing monitoring to prevent public sharing.

This directly satisfies the requirement:

Covers all accounts managed by Organizations.

Explicitly prevents public snapshot sharing.

Has the least operational overhead because it is a single centralized control.

AWS Config (Option A) only monitors and alerts, but does not prevent public sharing.

An IAM policy in the root account (Option C) is harder to enforce consistently across all accounts and may not cover all permission paths.

CloudTrail (Option D) only logs events and does not prevent public access.

Detailed Explanation:

A. EventBridge Rule:Detects modifications to CloudFront distributions in real time and triggers the Lambda function for further action.

B. ALB + Config:Focuses on ALB security violations, not relevant for CloudFront logging changes.

C. Lambda + SNS:Provides real-time notifications about changes in logging configuration.

D. GuardDuty:Focuses on threat detection, not logging configuration changes.

E. API Gateway + WAF:Unrelated to CloudFront logging changes.