SCS-C03 exam question shared by EduDump.com
A company's web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. An AWS WAF web ACL is associated with the ALB. Instance logs are lost after reboots. The operations team suspects malicious activity targeting a specific PHP file. Which set of actions will identify the suspect attacker's IP address for future occurrences?
Correct Answer: D
AWS WAF logs contain detailed request-level information, including source IP addresses, requested URIs, and rule matches. According to AWS Certified Security - Specialty guidance, enabling AWS WAF logging provides the most reliable and tamper-resistant method to investigate web-based attacks, especially when instance-level logs are unavailable.

By streaming WAF logs through Amazon Kinesis Data Firehose to Amazon S3, the company ensures durable, centralized log storage that is independent of EC2 lifecycle events. Amazon Athena can then query the logs efficiently to identify repeated requests to the new-user-creation.php endpoint and extract attacker IP addresses.

VPC Flow Logs do not capture HTTP-level details. ALB access logs alone may not capture blocked requests. WAF logs provide the best forensic visibility for future detection.

Referenced AWS Specialty Documents:
AWS Certified Security - Specialty Official Study Guide
AWS WAF Logging and Monitoring
Amazon Athena Log Analysis
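The aggregation described in the explanation (repeated requests to new-user-creation.php, grouped by source IP) can be sketched locally over WAF log records. This is an added example, not part of the original page: the records are constructed, the function and helper names are hypothetical, and only the field names (timestamp, action, httpRequest.clientIp, httpRequest.uri) follow the AWS WAF log format.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

def _rec(ts_ms, action, ip, uri):
    """Build one constructed WAF-style log line (real field names, fake data)."""
    return json.dumps({"timestamp": ts_ms, "action": action,
                       "httpRequest": {"clientIp": ip, "uri": uri}})

# Constructed sample: one noisy client, one benign client, one truncated line.
SAMPLE_LOG = "\n".join([
    _rec(1700000000000, "ALLOW", "203.0.113.7", "/new-user-creation.php"),
    _rec(1700000030000, "ALLOW", "198.51.100.20", "/new-user-creation.php"),
    _rec(1700000045000, "ALLOW", "198.51.100.20", "/index.php"),
    _rec(1700000060000, "BLOCK", "203.0.113.7", "/new-user-creation.php"),
    'not-json{"timestamp":',  # simulates a record cut off in delivery
    _rec(1700000120000, "BLOCK", "203.0.113.7", "/new-user-creation.php"),
])

def _iso(ts_ms):
    return datetime.fromtimestamp(ts_ms / 1000, tz=timezone.utc).isoformat()

def suspect_ips(log_text, uri_suffix="/new-user-creation.php", min_hits=2):
    """Return clients with at least min_hits requests to the target URI."""
    stats = defaultdict(lambda: {"hits": 0, "actions": set(), "ts": []})
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            req = rec["httpRequest"]
            ip, uri, ts = str(req["clientIp"]), str(req["uri"]), int(rec["timestamp"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed records instead of aborting the analysis
        if not uri.lower().endswith(uri_suffix):
            continue
        entry = stats[ip]
        entry["hits"] += 1
        entry["actions"].add(rec.get("action", "UNKNOWN"))  # blocked requests count too
        entry["ts"].append(ts)
    rows = [{"ip": ip, "hits": e["hits"], "actions": sorted(e["actions"]),
             "first": _iso(min(e["ts"])), "last": _iso(max(e["ts"]))}
            for ip, e in stats.items() if e["hits"] >= min_hits]
    return sorted(rows, key=lambda r: (-r["hits"], r["ip"]))

if __name__ == "__main__":
    for row in suspect_ips(SAMPLE_LOG):
        print(row)
```

Because WAF records requests it blocked as well as those it allowed, the per-IP action set shows whether a client kept retrying after a rule started matching.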