Here are 50 unique questions and answers for Domain 2: Security Logging and Monitoring, covering all task statements, knowledge, and skills as outlined in the AWS Certified Security - Specialty (SCS-C02) Exam Guide.
Enjoy...
## Domain 2: Security Logging and Monitoring
### Task Statement 2.1: Design and implement monitoring and alerting to address security events.
**Knowledge of:**
- 2.1.1 AWS services that monitor events and provide alarms (for example, CloudWatch, EventBridge)
- 2.1.2 AWS services that automate alerting (for example, Lambda, Amazon Simple Notification Service [Amazon SNS], Security Hub)
- 2.1.3 Tools that monitor metrics and baselines (for example, GuardDuty, Systems Manager)
**Skills in:**
- 2.1.4 Analyzing architectures to identify monitoring requirements and sources of data for security monitoring
- 2.1.5 Analyzing environments and workloads to determine monitoring requirements
- 2.1.6 Designing environment monitoring and workload monitoring based on business and security requirements
- 2.1.7 Setting up automated tools and scripts to perform regular audits (for example, by creating custom insights in Security Hub)
- 2.1.8 Defining the metrics and thresholds that generate alerts
### Task Statement 2.2: Troubleshoot security monitoring and alerting.
**Knowledge of:**
- 2.2.1 Configuration of monitoring services (for example, Security Hub)
- 2.2.2 Relevant data that indicates security events
**Skills in:**
- 2.2.3 Analyzing the service functionality, permissions, and configuration of resources after an event that did not provide visibility or alerting
- 2.2.4 Analyzing and remediating the configuration of a custom application that is not reporting its statistics
- 2.2.5 Evaluating logging and monitoring services for alignment with security requirements
### Task Statement 2.3: Design and implement a logging solution.
**Knowledge of:**
- 2.3.1 AWS services and features that provide logging capabilities (for example, VPC Flow Logs, DNS logs, AWS CloudTrail, Amazon CloudWatch Logs)
- 2.3.2 Attributes of logging capabilities (for example, log levels, type, verbosity)
- 2.3.3 Log destinations and lifecycle management (for example, retention period)
**Skills in:**
- 2.3.4 Configuring logging for services and applications
- 2.3.5 Identifying logging requirements and sources for log ingestion
- 2.3.6 Implementing log storage and lifecycle management according to AWS best practices and organizational requirements
### Task Statement 2.4: Troubleshoot logging solutions.
**Knowledge of:**
- 2.4.1 Capabilities and use cases of AWS services that provide data sources (for example, log level, type, verbosity, cadence, timeliness, immutability)
- 2.4.2 AWS services and features that provide logging capabilities (for example, VPC Flow Logs, DNS logs, CloudTrail, CloudWatch Logs)
- 2.4.3 Access permissions that are necessary for logging
**Skills in:**
- 2.4.4 Identifying misconfiguration and determining remediation steps for absent access permissions that are necessary for logging (for example, by managing read/write permissions, S3 bucket permissions, public access, and integrity)
- 2.4.5 Determining the cause of missing logs and performing remediation steps
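A worked example for Task Statement 2.4, added here and not one of the 50 questions: a Python check of the S3 bucket policy that CloudTrail needs before it can deliver log files. The required grants follow the AWS documentation for the CloudTrail bucket policy (the service principal cloudtrail.amazonaws.com needs s3:GetBucketAcl on the bucket and s3:PutObject on AWSLogs/<account-id>/* with the condition s3:x-amz-acl = bucket-owner-full-control). The bucket name, account ID and the two policies are constructed sample input; the function names are mine.

```python
"""Check whether an S3 bucket policy grants AWS CloudTrail what it needs to deliver logs.

Added example, not from the original Q&A. The required grants follow the AWS
documentation for the CloudTrail bucket policy; bucket name, account ID and the
sample policies below are constructed input.
"""
import json
from fnmatch import fnmatchcase

CLOUDTRAIL_SERVICE = "cloudtrail.amazonaws.com"


def _as_list(value):
    """IAM policy elements may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches_any(target, patterns, ignore_case=False):
    """IAM wildcards (* and ?) behave like shell globs for this purpose.
    Action names are case-insensitive in IAM; resource ARNs are not."""
    if ignore_case:
        return any(fnmatchcase(target.lower(), p.lower()) for p in patterns)
    return any(fnmatchcase(target, p) for p in patterns)


def _is_public(stmt):
    principal = stmt.get("Principal")
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS")))


def _grants_cloudtrail(stmt):
    principal = stmt.get("Principal")
    return isinstance(principal, dict) and CLOUDTRAIL_SERVICE in _as_list(principal.get("Service"))


def check_cloudtrail_bucket_policy(policy_json, bucket, account_id):
    """Return a list of findings; an empty list means CloudTrail can deliver logs."""
    policy = json.loads(policy_json)
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/AWSLogs/{account_id}/*"
    findings, get_acl_ok, put_ok = [], False, False
    for stmt in _as_list(policy.get("Statement")):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue
        if _is_public(stmt):
            # A wildcard principal is a finding in its own right; it is not counted
            # as the CloudTrail grant even though it technically covers the service.
            findings.append(f"{sid}: Allow to Principal '*' exposes the log bucket publicly")
            continue
        if not _grants_cloudtrail(stmt):
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if _matches_any("s3:GetBucketAcl", actions, ignore_case=True) and _matches_any(bucket_arn, resources):
            get_acl_ok = True
        if _matches_any("s3:PutObject", actions, ignore_case=True) and _matches_any(object_arn, resources):
            acl = stmt.get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl")
            if "bucket-owner-full-control" in _as_list(acl):
                put_ok = True
            else:
                findings.append(f"{sid}: s3:PutObject lacks the s3:x-amz-acl = bucket-owner-full-control condition")
    if not get_acl_ok:
        findings.append(f"no statement grants {CLOUDTRAIL_SERVICE} s3:GetBucketAcl on {bucket_arn}")
    if not put_ok:
        findings.append(f"no statement grants {CLOUDTRAIL_SERVICE} s3:PutObject on {object_arn} with bucket-owner-full-control")
    return findings


# Constructed sample policies. GOOD_POLICY is the documented shape; BAD_POLICY has a
# public statement and a PutObject grant that is missing the ACL condition.
GOOD_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
     "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": "s3:GetBucketAcl", "Resource": "arn:aws:s3:::example-trail-logs"},
    {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
     "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-trail-logs/AWSLogs/123456789012/*",
     "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}}
  ]
}"""
BAD_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-trail-logs/*"},
    {"Sid": "TrailWriteNoAcl", "Effect": "Allow",
     "Principal": {"Service": "cloudtrail.amazonaws.com"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-trail-logs/*"}
  ]
}"""

if __name__ == "__main__":
    for label, policy in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(label, check_cloudtrail_bucket_policy(policy, "example-trail-logs", "123456789012"))
```

Running the good policy against a different account ID reproduces the most common "trail created but no logs arrive" case: the PutObject resource prefix names the wrong account, so the ACL check passes but the write is denied, and the checker reports only the missing PutObject grant.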
### Task Statement 2.5: Design a log analysis solution.
**Knowledge of:**
- 2.5.1 Services and tools to analyze captured logs (for example, Athena, CloudWatch Logs filter)
- 2.5.2 Log analysis features of AWS services (for example, CloudWatch Logs Insights, CloudTrail Insights, Security Hub insights)
- 2.5.3 Log format and components (for example, CloudTrail logs)
**Skills in:**
- 2.5.4 Identifying patterns in logs to indicate anomalies and known threats
- 2.5.5 Normalizing, parsing, and correlating logs
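A worked example for Task Statement 2.5, added here and not one of the 50 questions: parsing a CloudTrail log file, normalising each record to the fields that matter for correlation, and running a few detections over the result. The record fields used (eventSource, eventName, userIdentity, sourceIPAddress, responseElements, errorCode) are standard CloudTrail record fields; the list of tampering events, the failed-login threshold and every record in SAMPLE_LOG are my own constructed choices and sample data, not AWS-supplied.

```python
"""Parse CloudTrail records, normalise them, and flag known-bad patterns.

Added example, not from the original Q&A. The detection list and threshold are
assumptions to tune per environment; SAMPLE_LOG is constructed sample data.
"""
import json
from collections import Counter, defaultdict

# Management-plane calls that reduce visibility; each one is worth an alert on its own.
TAMPER_EVENTS = {
    ("cloudtrail.amazonaws.com", "StopLogging"),
    ("cloudtrail.amazonaws.com", "DeleteTrail"),
    ("cloudtrail.amazonaws.com", "UpdateTrail"),
    ("guardduty.amazonaws.com", "DeleteDetector"),
    ("config.amazonaws.com", "StopConfigurationRecorder"),
}
FAILED_LOGIN_THRESHOLD = 3  # assumed; a real rule would also bound the time window


def normalize(record):
    """Reduce a raw CloudTrail record to the fields the detections correlate on."""
    ident = record.get("userIdentity") or {}
    return {
        "source": record.get("eventSource"),
        "name": record.get("eventName"),
        "principal": ident.get("arn") or ident.get("principalId") or ident.get("type"),
        "identity_type": ident.get("type"),
        "access_key": ident.get("accessKeyId"),
        "ip": record.get("sourceIPAddress"),
        "error": record.get("errorCode"),
        "login_result": (record.get("responseElements") or {}).get("ConsoleLogin"),
    }


def parse_log(text):
    """CloudTrail delivers each log file as a JSON object {"Records": [...]}."""
    return [normalize(r) for r in json.loads(text)["Records"]]


def detect(events):
    """Return human-readable findings for tampering, root use, login bursts and key reuse."""
    findings, failed_logins, key_ips = [], Counter(), defaultdict(set)
    for e in events:
        if (e["source"], e["name"]) in TAMPER_EVENTS:
            findings.append(f"logging tampered: {e['principal']} called {e['name']} from {e['ip']}")
        if e["identity_type"] == "Root":
            findings.append(f"root credentials used: {e['name']} from {e['ip']}")
        if e["name"] == "ConsoleLogin" and e["login_result"] == "Failure":
            failed_logins[e["ip"]] += 1
        if e["access_key"] and e["ip"]:
            key_ips[e["access_key"]].add(e["ip"])
    for ip, n in failed_logins.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            findings.append(f"{n} failed console logins from {ip}")
    for key, ips in key_ips.items():  # one access key seen from several IPs
        if len(ips) > 1:
            findings.append(f"access key {key} used from {len(ips)} source IPs: {sorted(ips)}")
    return findings


def _rec(name, source, ip, identity, **extra):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    return {"eventVersion": "1.08", "eventTime": "2024-05-01T10:00:00Z", "eventSource": source,
            "eventName": name, "sourceIPAddress": ip, "userIdentity": identity, **extra}


ALICE = {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice", "userName": "alice"}
BOB = {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob", "accessKeyId": "AKIAEXAMPLE1"}
ROOT = {"type": "Root", "principalId": "123456789012", "arn": "arn:aws:iam::123456789012:root"}
FAIL = {"responseElements": {"ConsoleLogin": "Failure"}}

SAMPLE_LOG = json.dumps({"Records": [
    _rec("ConsoleLogin", "signin.amazonaws.com", "203.0.113.10", ALICE, **FAIL),
    _rec("ConsoleLogin", "signin.amazonaws.com", "203.0.113.10", ALICE, **FAIL),
    _rec("ConsoleLogin", "signin.amazonaws.com", "203.0.113.10", ALICE, **FAIL),
    _rec("DescribeTrails", "cloudtrail.amazonaws.com", "203.0.113.10", {**ALICE, "accessKeyId": "AKIAEXAMPLE2"}),
    _rec("StopLogging", "cloudtrail.amazonaws.com", "198.51.100.7", BOB),
    _rec("ListBuckets", "s3.amazonaws.com", "192.0.2.44", BOB),
    _rec("DescribeInstances", "ec2.amazonaws.com", "198.51.100.7", ROOT),
]})


def run_sample():
    return detect(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

The same normalised shape is what you would feed a CloudWatch Logs metric filter or an Athena query in production; the point of the normalisation step is that the correlation rules (key reuse across IPs, login bursts per IP) never have to know where a field lives inside the raw record.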