Dumpsspot offers the best SCS-C02 exam dumps, which come with 100% valid questions and answers. With the help of our trained team of professionals, the SCS-C02 Dumps PDF carries the highest quality. Our course pack is affordable and guarantees a 98% to 100% passing rate for the exam. Our SCS-C02 test questions are specially designed for people who want to pass the exam in a very short time.
Most of our customers choose Dumpsspot's SCS-C02 study guide, which contains questions and answers that help them pass the exam on the first try. Many of them have passed the exam with a passing rate of 98% to 100% just by training online.
Dumpsspot puts forward the best SCS-C02 Dumps questions and answers for students who want to clear the exam on their first attempt. We provide a guarantee of 100% assurance. You will not have to worry about passing the exam, because we are here to take care of that.
A company is building an application on AWS that will store sensitive information. The company has a support team with access to the IT infrastructure, including databases. The company's security engineer must introduce measures to protect the sensitive data against any data breach while minimizing management overhead. The credentials must be regularly rotated. What should the security engineer recommend?
A. Enable Amazon RDS encryption to encrypt the database and snapshots. Enable Amazon Elastic Block Store (Amazon EBS) encryption on Amazon EC2 instances. Include the database credential in the EC2 user data field. Use an AWS Lambda function to rotate database credentials. Set up TLS for the connection to the database.
B. Install a database on an Amazon EC2 instance. Enable third-party disk encryption to encrypt the Amazon Elastic Block Store (Amazon EBS) volume. Store the database credentials in AWS CloudHSM with automatic rotation. Set up TLS for the connection to the database.
C. Enable Amazon RDS encryption to encrypt the database and snapshots. Enable Amazon Elastic Block Store (Amazon EBS) encryption on Amazon EC2 instances. Store the database credentials in AWS Secrets Manager with automatic rotation. Set up TLS for the connection to the RDS hosted database.
D. Set up an AWS CloudHSM cluster with AWS Key Management Service (AWS KMS) to store KMS keys. Set up Amazon RDS encryption using AWS KMS to encrypt the database. Store database credentials in the AWS Systems Manager Parameter Store with automatic rotation. Set up TLS for the connection to the RDS hosted database.
A company's security engineer is developing an incident response plan to detect suspicious activity in an AWS account for VPC hosted resources. The security engineer needs to provide visibility for as many AWS Regions as possible. Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO.)
A. Turn on VPC Flow Logs for all VPCs in the account.
B. Activate Amazon GuardDuty across all AWS Regions.
C. Activate Amazon Detective across all AWS Regions.
D. Create an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon EventBridge rule that responds to findings and publishes the findings to the SNS topic.
E. Create an AWS Lambda function. Create an Amazon EventBridge rule that invokes the Lambda function to publish findings to Amazon Simple Email Service (Amazon SES).
A company is developing a highly resilient application to be hosted on multiple Amazon EC2 instances. The application will store highly sensitive user data in Amazon RDS tables. The application must:
• Include migration to a different AWS Region in the application disaster recovery plan.
• Provide a full audit trail of encryption key administration events.
• Allow only company administrators to administer keys.
• Protect data at rest using application layer encryption.
A Security Engineer is evaluating options for encryption key management. Why should the Security Engineer choose AWS CloudHSM over AWS KMS for encryption key management in this situation?
A. The key administration event logging generated by CloudHSM is significantly more extensive than AWS KMS.
B. CloudHSM ensures that only company support staff can administer encryption keys, whereas AWS KMS allows AWS staff to administer keys.
C. The ciphertext produced by CloudHSM provides more robust protection against brute force decryption attacks than the ciphertext produced by AWS KMS.
D. CloudHSM provides the ability to copy keys to a different Region, whereas AWS KMS does not.
A company wants to protect its website from man-in-the-middle attacks by using Amazon CloudFront. Which solution will meet these requirements with the LEAST operational overhead?
A. Use the SimpleCORS managed response headers policy.
B. Use a Lambda@Edge function to add the Strict-Transport-Security response header.
C. Use the SecurityHeadersPolicy managed response headers policy.
D. Include the X-XSS-Protection header in a custom response headers policy.
A company's security engineer wants to receive an email alert whenever Amazon GuardDuty, AWS Identity and Access Management Access Analyzer, or Amazon Macie generate a high-severity security finding. The company uses AWS Control Tower to govern all of its accounts. The company also uses AWS Security Hub with all of the AWS service integrations turned on. Which solution will meet these requirements with the LEAST operational overhead?
A. Set up separate AWS Lambda functions for GuardDuty, IAM Access Analyzer, and Macie to call each service's public API to retrieve high-severity findings. Use Amazon Simple Notification Service (Amazon SNS) to send the email alerts. Create an Amazon EventBridge rule to invoke the functions on a schedule.
B. Create an Amazon EventBridge rule with a pattern that matches Security Hub findings events with high severity. Configure the rule to send the findings to a target Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the desired email addresses to the SNS topic.
C. Create an Amazon EventBridge rule with a pattern that matches AWS Control Tower events with high severity. Configure the rule to send the findings to a target Amazon Simple Notification Service (Amazon SNS) topic. Subscribe the desired email addresses to the SNS topic.
D. Host an application on Amazon EC2 to call the GuardDuty, IAM Access Analyzer, and Macie APIs. Within the application, use the Amazon Simple Notification Service (Amazon SNS) API to retrieve high-severity findings and to send the findings to an SNS topic. Subscribe the desired email addresses to the SNS topic.
A company uses a third-party identity provider and SAML-based SSO for its AWS accounts. After the third-party identity provider renewed an expired signing certificate, users saw the following message when trying to log in:
Error: Response Signature Invalid (Service: AWSSecurityTokenService; Status Code: 400; Error Code: InvalidIdentityToken)
A security engineer needs to provide a solution that corrects the error and minimizes operational overhead. Which solution meets these requirements?
A. Upload the third-party signing certificate's new private key to the AWS identity provider entity defined in AWS Identity and Access Management (IAM) by using the AWS Management Console.
B. Sign the identity provider's metadata file with the new public key. Upload the signature to the AWS identity provider entity defined in AWS Identity and Access Management (IAM) by using the AWS CLI.
C. Download the updated SAML metadata file from the identity service provider. Update the file in the AWS identity provider entity defined in AWS Identity and Access Management (IAM) by using the AWS CLI.
D. Configure the AWS identity provider entity defined in AWS Identity and Access Management (IAM) to synchronously fetch the new public key by using the AWS Management Console.
A company is running its workloads in a single AWS Region and uses AWS Organizations. A security engineer must implement a solution to prevent users from launching resources in other Regions. Which solution will meet these requirements with the LEAST operational overhead?
A. Create an IAM policy that has an aws:RequestedRegion condition that allows actions only in the designated Region. Attach the policy to all users.
B. Create an IAM policy that has an aws:RequestedRegion condition that denies actions that are not in the designated Region. Attach the policy to the AWS account in AWS Organizations.
C. Create an IAM policy that has an aws:RequestedRegion condition that allows the desired actions. Attach the policy only to the users who are in the designated Region.
D. Create an SCP that has an aws:RequestedRegion condition that denies actions that are not in the designated Region. Attach the SCP to the AWS account in AWS Organizations.
A security engineer wants to use Amazon Simple Notification Service (Amazon SNS) to send email alerts to a company's security team for Amazon GuardDuty findings that have a High severity level. The security engineer also wants to deliver these findings to a visualization tool for further examination. Which solution will meet these requirements?
A. Set up GuardDuty to send notifications to an Amazon CloudWatch alarm with two targets in CloudWatch. From CloudWatch, stream the findings through Amazon Kinesis Data Streams into an Amazon OpenSearch Service domain as the first target for delivery. Use Amazon QuickSight to visualize the findings. Use OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for the CloudWatch alarm. Use event pattern matching with an Amazon EventBridge event rule to send only High severity findings in the alerts.
B. Set up GuardDuty to send notifications to AWS CloudTrail with two targets in CloudTrail. From CloudTrail, stream the findings through Amazon Kinesis Data Firehose into an Amazon OpenSearch Service domain as the first target for delivery. Use OpenSearch Dashboards to visualize the findings. Use OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for CloudTrail. Use event pattern matching with a CloudTrail event rule to send only High severity findings in the alerts.
C. Set up GuardDuty to send notifications to Amazon EventBridge with two targets. From EventBridge, stream the findings through Amazon Kinesis Data Firehose into an Amazon OpenSearch Service domain as the first target for delivery. Use OpenSearch Dashboards to visualize the findings. Use OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for EventBridge. Use event pattern matching with an EventBridge event rule to send only High severity findings in the alerts.
D. Set up GuardDuty to send notifications to Amazon EventBridge with two targets. From EventBridge, stream the findings through Amazon Kinesis Data Streams into an Amazon OpenSearch Service domain as the first target for delivery. Use Amazon QuickSight to visualize the findings. Use OpenSearch queries for further analysis. Deliver email alerts to the security team by configuring an SNS topic as a second target for EventBridge. Use event pattern matching with an EventBridge event rule to send only High severity findings in the alerts.
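Both the Security Hub email-alert question and the GuardDuty question above come down to an EventBridge rule whose event pattern admits only high-severity findings. The following added example (not code from the original page) re-implements the subset of EventBridge pattern semantics those rules rely on, so the two patterns can be tried offline against sample events: a leaf matches when any listed literal or operator object matches, array fields fan out so any element can satisfy a leaf, and the `numeric` operator takes a range. The two sample events are constructed and trimmed to the fields the patterns read; the GuardDuty severity band boundaries (7.0 to 8.9 for High) follow the GuardDuty documentation.

```python
"""Event-pattern matching as EventBridge applies it to Security Hub and
GuardDuty finding events. Added example, not from the original page; the
sample events below are constructed and trimmed to the fields the patterns touch."""


def _leaf_matches(rule_values, value):
    """A pattern leaf is a list; it matches when any literal or operator object matches."""
    for rv in rule_values:
        if not isinstance(rv, dict):
            if rv == value:
                return True
        elif "numeric" in rv and isinstance(value, (int, float)) and not isinstance(value, bool):
            ops = rv["numeric"]                       # e.g. [">=", 7, "<", 9]
            if all({">": value > b, ">=": value >= b, "<": value < b,
                    "<=": value <= b, "=": value == b}[op]
                   for op, b in zip(ops[::2], ops[1::2])):
                return True
        elif "prefix" in rv and isinstance(value, str) and value.startswith(rv["prefix"]):
            return True
        elif "anything-but" in rv and value not in rv["anything-but"]:
            return True
    return False


def _values_at(obj, path):
    """Yield every value found at path; arrays fan out, so any element can satisfy the leaf."""
    if isinstance(obj, list):
        for item in obj:
            yield from _values_at(item, path)
    elif not path:
        yield obj
    elif isinstance(obj, dict) and path[0] in obj:
        yield from _values_at(obj[path[0]], path[1:])


def _leaves(pattern, prefix=()):
    for key, val in pattern.items():
        if isinstance(val, dict):
            yield from _leaves(val, prefix + (key,))
        else:
            yield prefix + (key,), val


def matches(pattern, event):
    """True when every leaf of the pattern is satisfied by at least one event value."""
    return all(any(_leaf_matches(vals, v) for v in _values_at(event, path))
               for path, vals in _leaves(pattern))


# Rule for the Security Hub question: one rule covers GuardDuty, IAM Access Analyzer
# and Macie because Security Hub re-emits their findings in ASFF with a Severity.Label.
SECURITY_HUB_HIGH = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {"Severity": {"Label": ["HIGH", "CRITICAL"]}}},
}

# Rule for the GuardDuty question: GuardDuty's own event carries a numeric severity;
# 7.0 to 8.9 is High. Anything 9.0 and above is a separate band and needs its own range.
GUARDDUTY_HIGH = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 7, "<", 9]}]},
}

# Constructed sample events: shape follows the real ones, contents are made up.
HUB_EVENT = {"source": "aws.securityhub", "detail-type": "Security Hub Findings - Imported",
             "detail": {"findings": [{"Id": "finding-1", "ProductName": "GuardDuty",
                                      "Severity": {"Label": "HIGH", "Normalized": 70}}]}}
HUB_EVENT_LOW = {"source": "aws.securityhub", "detail-type": "Security Hub Findings - Imported",
                 "detail": {"findings": [{"Id": "finding-2", "ProductName": "Macie",
                                          "Severity": {"Label": "LOW", "Normalized": 1}}]}}
GD_EVENT = {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
            "detail": {"type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 8}}
GD_EVENT_MEDIUM = {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
                   "detail": {"type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 5}}

if __name__ == "__main__":
    for name, pattern, event in [("hub/high", SECURITY_HUB_HIGH, HUB_EVENT),
                                 ("hub/low", SECURITY_HUB_HIGH, HUB_EVENT_LOW),
                                 ("gd/8", GUARDDUTY_HIGH, GD_EVENT),
                                 ("gd/5", GUARDDUTY_HIGH, GD_EVENT_MEDIUM)]:
        print(name, "->", "alert" if matches(pattern, event) else "drop")
```

The two pattern dictionaries can be pasted as-is into an EventBridge rule. Because the Security Hub pattern fires on every update to an existing finding as well as on new ones, a production rule usually also pins `Workflow.Status` to `NEW` (or `RecordState` to `ACTIVE`) to keep the mailbox quiet; the matcher above handles that addition without change.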
A company wants to prevent SSH access through the use of SSH key pairs for any Amazon Linux 2 Amazon EC2 instances in its AWS account. However, a system administrator occasionally will need to access these EC2 instances through SSH in an emergency. For auditing purposes, the company needs to record any commands that a user runs in an EC2 instance. What should a security engineer do to configure access to these EC2 instances to meet these requirements?
A. Use the EC2 serial console. Configure the EC2 serial console to save all commands that are entered to an Amazon S3 bucket. Provide the EC2 instances with an IAM role that allows the EC2 serial console to access Amazon S3. Configure an IAM account for the system administrator. Provide an IAM policy that allows the IAM account to use the EC2 serial console.
B. Use EC2 Instance Connect. Configure EC2 Instance Connect to save all commands that are entered to Amazon CloudWatch Logs. Provide the EC2 instances with an IAM role that allows the EC2 instances to access CloudWatch Logs. Configure an IAM account for the system administrator. Provide an IAM policy that allows the IAM account to use EC2 Instance Connect.
C. Use an EC2 key pair with an EC2 instance that needs SSH access. Access the EC2 instance with this key pair by using SSH. Configure the EC2 instance to save all commands that are entered to Amazon CloudWatch Logs. Provide the EC2 instance with an IAM role that allows the EC2 instance to access Amazon S3 and CloudWatch Logs.
D. Use AWS Systems Manager Session Manager. Configure Session Manager to save all commands that are entered in a session to an Amazon S3 bucket. Provide the EC2 instances with an IAM role that allows Systems Manager to manage the EC2 instances. Configure an IAM account for the system administrator. Provide an IAM policy that allows the IAM account to use Session Manager.
An organization must establish the ability to delete an AWS KMS customer master key (CMK) within a 24-hour timeframe to keep it from being used for encrypt or decrypt operations. Which of the following actions will address this requirement?
A. Manually rotate a key within KMS to create a new CMK immediately
B. Use the KMS import key functionality to execute a delete key operation
C. Use the schedule key deletion function within KMS to specify the minimum wait periodfor deletion
D. Change the KMS CMK alias to immediately prevent any services from using the CMK.
A company is designing a multi-account structure for its development teams. The company is using AWS Organizations and AWS Single Sign-On (AWS SSO). The company must implement a solution so that the development teams can use only specific AWS Regions and so that each AWS account allows access to only specific AWS services. Which solution will meet these requirements with the LEAST operational overhead?
A. Use AWS SSO to set up service-linked roles with IAM policy statements that include the Condition, Resource, and NotAction elements to allow access to only the Regions and services that are needed.
B. Deactivate AWS Security Token Service (AWS STS) in Regions that the developers are not allowed to use.
C. Create SCPs that include the Condition, Resource, and NotAction elements to allow access to only the Regions and services that are needed.
D. For each AWS account, create tailored identity-based policies for AWS SSO. Use statements that include the Condition, Resource, and NotAction elements to allow access to only the Regions and services that are needed.
A company's Chief Security Officer has requested that a Security Analyst review and improve the security posture of each company AWS account. The Security Analyst decides to do this by improving AWS account root user security. Which actions should the Security Analyst take to meet these requirements? (Select THREE.)
A. Delete the access keys for the account root user in every account.
B. Create an admin IAM user with administrative privileges and delete the account rootuser in every account.
C. Implement a strong password to help protect account-level access to the AWS Management Console by the account root user.
D. Enable multi-factor authentication (MFA) on every account root user in all accounts.
E. Create a custom IAM policy to limit permissions to required actions for the account rootuser and attach the policy to the account root user.
F. Attach an IAM role to the account root user to make use of the automated credential rotation in AWS STS.
A company has a relational database workload that runs on Amazon Aurora MySQL. According to new compliance standards, the company must rotate all database credentials every 30 days. The company needs a solution that maximizes security and minimizes development effort. Which solution will meet these requirements?
A. Store the database credentials in AWS Secrets Manager. Configure automatic credential rotation for every 30 days.
B. Store the database credentials in AWS Systems Manager Parameter Store. Create an AWS Lambda function to rotate the credentials every 30 days.
C. Store the database credentials in an environment file or in a configuration file. Modify the credentials every 30 days.
D. Store the database credentials in an environment file or in a configuration file. Create an AWS Lambda function to rotate the credentials every 30 days.
A website currently runs on Amazon EC2, with mostly static content on the site. Recently the site was subjected to a DDoS attack, and a security engineer was asked to redesign the edge security to help mitigate this risk in the future. What are some ways the engineer could achieve this? (Select THREE.)
A. Use AWS X-Ray to inspect the traffic going to the EC2 instances.
B. Move the static content to Amazon S3, and front this with an Amazon CloudFront distribution.
C. Change the security group configuration to block the source of the attack traffic.
D. Use AWS WAF security rules to inspect the inbound traffic.
E. Use Amazon Inspector assessment templates to inspect the inbound traffic.
F. Use Amazon Route 53 to distribute traffic.
A company is building a data processing application that uses AWS Lambda functions. The application's Lambda functions need to communicate with an Amazon RDS DB instance that is deployed within a VPC in the same AWS account. Which solution meets these requirements in the MOST secure way?
A. Configure the DB instance to allow public access. Update the DB instance security group to allow access from the Lambda public address space for the AWS Region.
B. Deploy the Lambda functions inside the VPC. Attach a network ACL to the Lambda subnet. Provide outbound rule access to the VPC CIDR range only. Update the DB instance security group to allow traffic from 0.0.0.0/0.
C. Deploy the Lambda functions inside the VPC. Attach a security group to the Lambda functions. Provide outbound rule access to the VPC CIDR range only. Update the DB instance security group to allow traffic from the Lambda security group.
D. Peer the Lambda default VPC with the VPC that hosts the DB instance to allow direct network access without the need for security groups.
A Security Engineer creates an Amazon S3 bucket policy that denies access to all users. A few days later, the Security Engineer adds an additional statement to the bucket policy to allow read-only access to one other employee. Even after updating the policy, the employee still receives an access denied message. What is the likely cause of this access denial?
A. The ACL in the bucket needs to be updated
B. The IAM policy does not allow the user to access the bucket
C. It takes a few minutes for a bucket policy to take effect
D. The allow permission is being overridden by the deny
A company has launched an Amazon EC2 instance with an Amazon Elastic Block Store (Amazon EBS) volume in the us-east-1 Region. The volume is encrypted with an AWS Key Management Service (AWS KMS) customer managed key that the company's security team created. The security team has created an IAM key policy and has assigned the policy to the key. The security team has also created an IAM instance profile and has assigned the profile to the instance. The EC2 instance will not start and transitions from the pending state to the shutting-down state to the terminated state. Which combination of steps should a security engineer take to troubleshoot this issue? (Select TWO.)
A. Verify that the KMS key policy specifies a deny statement that prevents access to the key by using the aws:SourceIp condition key. Check that the range includes the EC2 instance IP address that is associated with the EBS volume.
B. Verify that the KMS key that is associated with the EBS volume is set to the Symmetric key type.
C. Verify that the KMS key that is associated with the EBS volume is in the Enabled state.
D. Verify that the EC2 role that is associated with the instance profile has the correct IAM instance policy to launch an EC2 instance with the EBS volume.
E. Verify that the key that is associated with the EBS volume has not expired and needs tobe rotated
Auditors for a health care company have mandated that all data volumes be encrypted at rest. Infrastructure is deployed mainly via AWS CloudFormation; however, third-party frameworks and manual deployment are required on some legacy systems. What is the BEST way to monitor, on a recurring basis, whether all EBS volumes are encrypted?
A. On a recurring basis, update IAM user policies to require that EC2 instances are created with an encrypted volume.
B. Configure an AWS Config rule to run on a recurring basis for volume encryption.
C. Set up Amazon Inspector rules for volume encryption to run on a recurring schedule.
D. Use CloudWatch Logs to determine whether instances were created with an encrypted volume.
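AWS Config is the right answer above because it evaluates the recorded state of every volume regardless of how it was created. The managed rule ENCRYPTED_VOLUMES covers the plain "is it encrypted" check; the following added example (not code from the original page or from AWS) shows the evaluation logic of a custom Config rule that goes one step further and also rejects volumes encrypted with a KMS key outside the company's own account. ALLOWED_KEY_PREFIX, the account id, and the three configuration items are constructed; the `put_evaluations` call that a deployed handler would make is left out so the function runs offline.

```python
"""Evaluation logic for a custom AWS Config rule on EBS volume encryption.
Added example, not from the page: the managed rule ENCRYPTED_VOLUMES already
flags unencrypted volumes; this version also rejects volumes encrypted with a
key outside the company's own account. ALLOWED_KEY_PREFIX and the sample
configuration items are constructed."""
import json

# Assumed company policy: volumes must use a customer managed key in this account/region.
ALLOWED_KEY_PREFIX = "arn:aws:kms:us-east-1:111122223333:key/"


def evaluate_volume(item):
    """Return (ComplianceType, Annotation) for one configuration item."""
    if item.get("resourceType") != "AWS::EC2::Volume":
        return "NOT_APPLICABLE", "rule evaluates only EBS volumes"
    if item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE", "volume no longer exists"
    cfg = item.get("configuration") or {}
    if not cfg.get("encrypted"):
        return "NON_COMPLIANT", "volume is not encrypted"
    key = cfg.get("kmsKeyId") or ""
    if not key.startswith(ALLOWED_KEY_PREFIX):
        return "NON_COMPLIANT", "encrypted with a key outside the approved account: " + key
    return "COMPLIANT", "encrypted with an approved customer managed key"


def lambda_handler(event, context):
    """Shape of a change-triggered custom rule handler. Config passes the item inside
    invokingEvent (a JSON string); the returned payload is what would be handed to
    config.put_evaluations, which is omitted here so the function runs offline."""
    invoking = json.loads(event["invokingEvent"])
    item = invoking["configurationItem"]
    compliance, note = evaluate_volume(item)
    return {
        "Evaluations": [{
            "ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": compliance,
            "Annotation": note[:256],                 # Config caps annotations at 256 characters
            "OrderingTimestamp": item["configurationItemCaptureTime"],
        }],
        "ResultToken": event["resultToken"],
    }


# Constructed configuration items in the shape Config records for AWS::EC2::Volume.
def _volume(vol_id, encrypted, key=None):
    return {"resourceType": "AWS::EC2::Volume", "resourceId": vol_id,
            "configurationItemStatus": "ResourceDiscovered",
            "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
            "configuration": {"volumeId": vol_id, "encrypted": encrypted, "kmsKeyId": key}}


GOOD = _volume("vol-0a1b2c3d4e5f60001", True,
               ALLOWED_KEY_PREFIX + "1234abcd-12ab-34cd-56ef-1234567890ab")
PLAINTEXT = _volume("vol-0a1b2c3d4e5f60002", False)
FOREIGN_KEY = _volume("vol-0a1b2c3d4e5f60003", True,
                      "arn:aws:kms:us-east-1:999999999999:key/deadbeef-0000-0000-0000-000000000000")


def sample_event(item):
    """Wrap a configuration item the way Config delivers it to the rule's Lambda."""
    return {"invokingEvent": json.dumps({"configurationItem": item,
                                         "messageType": "ConfigurationItemChangeNotification"}),
            "resultToken": "constructed-token"}


if __name__ == "__main__":
    for item in (GOOD, PLAINTEXT, FOREIGN_KEY):
        print(item["resourceId"], *evaluate_volume(item))
```

A change-triggered rule like this fires whenever Config records a new or modified volume, which is what catches the manually created legacy volumes the question worries about; a periodic variant receives a ScheduledNotification with no configuration item and would instead list volumes with `ec2:DescribeVolumes` and evaluate each one with the same `evaluate_volume` function.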
A security engineer is configuring attribute-based access control (ABAC) to allow only specific principals to put objects into an Amazon S3 bucket. The principals already have access to Amazon S3. The security engineer needs to configure a bucket policy that allows principals to put objects into the S3 bucket only if the value of the Team tag on the object matches the value of the Team tag that is associated with the principal. During testing, the security engineer notices that a principal can still put objects into the S3 bucket when the tag values do not match. Which combination of factors are causing the PutObject operation to succeed when the tag values are different? (Select TWO.)
A. The principal's identity-based policy grants access to put objects into the S3 bucket with no conditions.
B. The principal's identity-based policy overrides the condition because the identity-based policy contains an explicit allow.
C. The S3 bucket's resource policy does not deny access to put objects.
D. The S3 bucket's resource policy cannot allow actions to the principal.
E. The bucket policy does not apply to principals in the same zone of trust.
A company's Security Engineer has been tasked with restricting a contractor's IAM account access to the company's Amazon EC2 console without providing access to any other AWS services. The contractor's IAM account must not be able to gain access to any other AWS service, even if the IAM account is assigned additional permissions based on IAM group membership. What should the Security Engineer do to meet these requirements?
A. Create an inline IAM user policy that allows for Amazon EC2 access for the contractor's IAM user.
B. Create an IAM permissions boundary policy that allows Amazon EC2 access. Associate the contractor's IAM account with the IAM permissions boundary policy.
C. Create an IAM group with an attached policy that allows for Amazon EC2 access. Associate the contractor's IAM account with the IAM group.
D. Create an IAM role that allows for EC2 and explicitly denies all other services. Instruct the contractor to always assume this role.
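Four questions on this page (the Region-restricting SCP, the S3 bucket policy whose later Allow cannot undo an earlier Deny, the ABAC Team-tag policy that still lets mismatched uploads through, and the permissions boundary for the contractor above) are all instances of the same IAM evaluation logic: an explicit Deny anywhere wins, SCPs and a permissions boundary can only take permissions away, and the Allow has to come from an identity policy or a same-account resource policy. The following added example (not code from the original page, and not AWS's evaluator) implements that logic for the condition operators and policy variables those questions use, then runs each scenario through it. The ARNs, tag values, account id and policy documents are constructed, and Principal matching is assumed to have already passed.

```python
"""Simplified IAM evaluation logic: an explicit Deny anywhere wins, SCPs and a
permissions boundary only filter, and the Allow must come from an identity or
resource policy. Added example, not from the page; the ARNs, tag values and
policies are constructed, and Principal matching is assumed to have passed."""
from fnmatch import fnmatch
import re

def _list(x):
    return x if isinstance(x, list) else [x]

def _any_match(patterns, value):
    return any(fnmatch(value, p) for p in _list(patterns))

def _expand(s, ctx):
    """Resolve policy variables such as ${aws:PrincipalTag/Team} from the request context."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: ctx.get(m.group(1), ""), s)

def _condition_holds(cond, ctx):
    for op, pairs in cond.items():
        for key, wanted in pairs.items():
            actual, wanted = ctx.get(key), [_expand(w, ctx) for w in _list(wanted)]
            if op == "StringEquals" and actual not in wanted:
                return False
            if op == "StringNotEquals" and actual in wanted:   # a missing key satisfies NotEquals
                return False
    return True

def _applies(st, req):
    if "Action" in st and not _any_match(st["Action"], req["action"]):
        return False
    if "NotAction" in st and _any_match(st["NotAction"], req["action"]):
        return False
    if not _any_match(st.get("Resource", "*"), req["resource"]):
        return False
    return _condition_holds(st.get("Condition", {}), req.get("context", {}))

def _effects(policies, req):
    return {st["Effect"] for p in policies for st in _list(p["Statement"]) if _applies(st, req)}

def evaluate(req, identity, resource=None, scps=(), boundary=None):
    """Return (decision, reason) for one same-account request."""
    res, bnd = ([resource] if resource else []), ([boundary] if boundary else [])
    if "Deny" in _effects(list(identity) + list(scps) + res + bnd, req):
        return "DENY", "explicit deny"
    if scps and "Allow" not in _effects(scps, req):
        return "DENY", "implicit deny: no SCP allows the action"
    if bnd and "Allow" not in _effects(bnd, req):
        return "DENY", "implicit deny: outside the permissions boundary"
    if "Allow" in _effects(list(identity) + res, req):
        return "ALLOW", "allowed by an identity or resource policy"
    return "DENY", "implicit deny: nothing allows the action"

ADMIN = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}   # AdministratorAccess
FULL_AWS_ACCESS = ADMIN                                                          # Organizations' default SCP
S3_FULL = {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
EC2_FULL = {"Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}
BUCKET = "arn:aws:s3:::example-team-bucket"                                     # constructed

# Region pinning as an SCP: deny everything outside us-east-1 except global services,
# whose calls are served from us-east-1 regardless of caller (list trimmed; extend as needed).
REGION_SCP = {"Statement": [{"Effect": "Deny", "Resource": "*",
    "NotAction": ["iam:*", "sts:*", "organizations:*", "support:*", "cloudfront:*", "route53:*"],
    "Condition": {"StringNotEquals": {"aws:RequestedRegion": ["us-east-1"]}}}]}

def region_pinned(action, region):
    req = {"action": action, "resource": "*", "context": {"aws:RequestedRegion": region}}
    return evaluate(req, [ADMIN], scps=[FULL_AWS_ACCESS, REGION_SCP])[0]

def deny_all_then_allow_one():
    """Bucket policy from the S3 question: the later Allow cannot override the earlier Deny."""
    policy = {"Statement": [
        {"Effect": "Deny", "Action": "s3:*", "Resource": [BUCKET, BUCKET + "/*"]},
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": BUCKET + "/*"}]}
    return evaluate({"action": "s3:GetObject", "resource": BUCKET + "/q.csv"}, [ADMIN], resource=policy)

# ABAC: an Allow-with-condition never blocks a principal whose identity policy already
# allows PutObject (the bug in the question); a Deny-on-mismatch does.
ABAC_ALLOW_FORM = {"Statement": [{"Effect": "Allow", "Action": "s3:PutObject", "Resource": BUCKET + "/*",
    "Condition": {"StringEquals": {"s3:RequestObjectTag/Team": "${aws:PrincipalTag/Team}"}}}]}
ABAC_DENY_FORM = {"Statement": [{"Effect": "Deny", "Action": "s3:PutObject", "Resource": BUCKET + "/*",
    "Condition": {"StringNotEquals": {"s3:RequestObjectTag/Team": "${aws:PrincipalTag/Team}"}}}]}

def abac_put(object_team, bucket_policy, principal_team="blue"):
    req = {"action": "s3:PutObject", "resource": BUCKET + "/data.bin",
           "context": {"aws:PrincipalTag/Team": principal_team, "s3:RequestObjectTag/Team": object_team}}
    return evaluate(req, [S3_FULL], resource=bucket_policy)[0]

def contractor(action):
    """Permissions boundary: group membership later adds S3_FULL, but EC2_FULL stays the ceiling."""
    return evaluate({"action": action, "resource": "*"}, [EC2_FULL, S3_FULL], boundary=EC2_FULL)[0]

if __name__ == "__main__":
    print(region_pinned("ec2:RunInstances", "us-west-2"), region_pinned("ec2:RunInstances", "us-east-1"))
    print(deny_all_then_allow_one())
    print(abac_put("red", ABAC_ALLOW_FORM), abac_put("red", ABAC_DENY_FORM))
    print(contractor("ec2:DescribeInstances"), contractor("s3:ListAllMyBuckets"))
```

Two practical points fall out of running it. The SCP keeps FullAWSAccess alongside the Deny because an SCP that only denies would otherwise leave nothing that allows, and the NotAction list is what keeps IAM and STS usable from any Region. For the ABAC case, the bucket policy has to carry the Deny form: the only policy the engineer controls that can beat an unconditional identity-policy Allow is an explicit Deny on mismatch.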
A company accidentally deleted the private key for an Amazon Elastic Block Store (Amazon EBS)-backed Amazon EC2 instance. A security engineer needs to regain access to the instance. Which combination of steps will meet this requirement? (Choose two.)
A. Stop the instance. Detach the root volume. Generate a new key pair.
B. Keep the instance running. Detach the root volume. Generate a new key pair.
C. When the volume is detached from the original instance, attach the volume to another instance as a data volume. Modify the authorized_keys file with a new public key. Move the volume back to the original instance. Start the instance.
D. When the volume is detached from the original instance, attach the volume to another instance as a data volume. Modify the authorized_keys file with a new private key. Move the volume back to the original instance. Start the instance.
E. When the volume is detached from the original instance, attach the volume to another instance as a data volume. Modify the authorized_keys file with a new public key. Move the volume back to the original instance that is running.
A security engineer needs to develop a process to investigate and respond to potential security events on a company's Amazon EC2 instances. All the EC2 instances are backed by Amazon Elastic Block Store (Amazon EBS). The company uses AWS Systems Manager to manage all the EC2 instances and has installed Systems Manager Agent (SSM Agent) on all the EC2 instances. The process that the security engineer is developing must comply with AWS security best practices and must meet the following requirements:
• A compromised EC2 instance's volatile memory and non-volatile memory must be preserved for forensic purposes.
• A compromised EC2 instance's metadata must be updated with corresponding incident ticket information.
• A compromised EC2 instance must remain online during the investigation but must be isolated to prevent the spread of malware.
• Any investigative activity during the collection of volatile data must be captured as part of the process.
Which combination of steps should the security engineer take to meet these requirements with the LEAST operational overhead? (Select THREE.)
A. Gather any relevant metadata for the compromised EC2 instance. Enable termination protection. Isolate the instance by updating the instance's security groups to restrict access. Detach the instance from any Auto Scaling groups that the instance is a member of. Deregister the instance from any Elastic Load Balancing (ELB) resources.
B. Gather any relevant metadata for the compromised EC2 instance. Enable termination protection. Move the instance to an isolation subnet that denies all source and destination traffic. Associate the instance with the subnet to restrict access. Detach the instance from any Auto Scaling groups that the instance is a member of. Deregister the instance from any Elastic Load Balancing (ELB) resources.
C. Use Systems Manager Run Command to invoke scripts that collect volatile data.
D. Establish a Linux SSH or Windows Remote Desktop Protocol (RDP) session to the compromised EC2 instance to invoke scripts that collect volatile data.
E. Create a snapshot of the compromised EC2 instance's EBS volume for follow-up investigations. Tag the instance with any relevant metadata and incident ticket information.
F. Create a Systems Manager State Manager association to generate an EBS volume snapshot of the compromised EC2 instance. Tag the instance with any relevant metadata and incident ticket information.
A company used a lift-and-shift approach to migrate from its on-premises data centers to the AWS Cloud. The company migrated on-premises VMs to Amazon EC2 instances. Now the company wants to replace some of the components that are running on the EC2 instances with managed AWS services that provide similar functionality. Initially, the company will transition from load balancer software that runs on EC2 instances to AWS Elastic Load Balancers. A security engineer must ensure that after this transition, all the load balancer logs are centralized and searchable for auditing. The security engineer must also ensure that metrics are generated to show which ciphers are in use. Which solution will meet these requirements?
A. Create an Amazon CloudWatch Logs log group. Configure the load balancers to send logs to the log group. Use the CloudWatch Logs console to search the logs. Create CloudWatch Logs filters on the logs for the required metrics.
B. Create an Amazon S3 bucket. Configure the load balancers to send logs to the S3 bucket. Use Amazon Athena to search the logs that are in the S3 bucket. Create Amazon CloudWatch filters on the S3 log files for the required metrics.
C. Create an Amazon S3 bucket. Configure the load balancers to send logs to the S3 bucket. Use Amazon Athena to search the logs that are in the S3 bucket. Create Athena queries for the required metrics. Publish the metrics to Amazon CloudWatch.
D. Create an Amazon CloudWatch Logs log group. Configure the load balancers to send logs to the log group. Use the AWS Management Console to search the logs. Create Amazon Athena queries for the required metrics. Publish the metrics to Amazon CloudWatch.