What should the Database Specialist do to automatically collect the database logs for the Administrator?

A marketing company is using Amazon DocumentDB and requires that database audit logs be enabled. A Database Specialist needs to configure monitoring so that all data definition language (DDL) statements performed are visible to the Administrator. The Database Specialist has set the audit_logs parameter to enabled in the cluster parameter group.

What should the Database Specialist do to automatically collect the database logs for the Administrator?
A . Enable DocumentDB to export the logs to Amazon CloudWatch Logs
B . Enable DocumentDB to export the logs to AWS CloudTrail
C . Enable DocumentDB Events to export the logs to Amazon CloudWatch Logs
D . Configure an AWS Lambda function to download the logs using the download-db-log-file-portion operation and store the logs in Amazon S3

View Answer

Answer: C

Explanation:

https://docs.aws.amazon.com/documentdb/latest/developerguide/event-auditing.html

Auditing Amazon DocumentDB Events

PDF

Kindle

RSS

With Amazon DocumentDB (with MongoDB compatibility), you can audit events that were performed in your cluster. Examples of logged events include successful and failed authentication attempts, dropping a collection in a database, or creating an index. By default, auditing is disabled on Amazon DocumentDB and requires that you opt in to use this feature.

When auditing is enabled, Amazon DocumentDB records Data Definition Language (DDL), authentication, authorization, and user management events to Amazon CloudWatch Logs. When auditing is enabled, Amazon DocumentDB exports your cluster’s auditing records (JSON documents) to Amazon CloudWatch Logs. You can use Amazon CloudWatch Logs to analyze, monitor, and archive your Amazon DocumentDB auditing events.