How should the security engineer correct the error?

SCS-C02 V2 0 Comments

A security engineer logs in to the AWS Lambda console with administrator permissions. The security engineer is trying to view logs in Amazon CloudWatch for a Lambda function that is named my Function.

When the security engineer chooses the option in the Lambda console to view logs in CloudWatch, an “error loading Log Streams" message appears.

The IAM policy for the Lambda function’s execution role contains the following:

How should the security engineer correct the error?
A . Move the logs:CreateLogGroup action to the second Allow statement.
B . Add the logs:PutDestination action to the second Allow statement.
C . Add the logs:GetLogEvents action to the second Allow statement.
D . Add the logs:CreateLogStream action to the second Allow statement.

Answer: D

Explanation:

CloudWatchLogsReadOnlyAccess doesn’t include "logs:CreateLogStream" but it includes "logs:Get*" https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-identity-based-access-control-cwl.html#:~:tex

Latest SCS-C02 Dumps Valid Version with 235 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download SCS-C02 PDF     SCS-C02 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments