AWS Certified Advanced Networking Specialty Practice Exam

Disable ads (and more) with a membership for a one time $4.99 payment

Prepare for the AWS Certified Advanced Networking Specialty Exam with detailed flashcards and multiple-choice questions. Each question includes hints and explanations. Ace your exam with confidence!

Practice this question and more.

To improve security in a hybrid DNS infrastructure, what mechanism can be used to track and analyze DNS queries?

VPC Flow Logs
Route 53 Resolver query logging
Lex and Polly integration
CloudTrail

The correct answer is: Route 53 Resolver query logging

Using Route 53 Resolver query logging is the most effective mechanism to track and analyze DNS queries in a hybrid DNS infrastructure. This feature allows you to log queries made to your Route 53 Resolver, giving you insights into the DNS traffic, including which queries are being made and from where. These logs can be invaluable for security analysis, compliance monitoring, and troubleshooting DNS-related issues. Query logging for Route 53 Resolver can capture detailed information about DNS queries, such as the query name, the query type, and the source IP address of the requester. This data can be sent to Amazon S3 or CloudWatch Logs for further analysis, allowing security teams to detect unusual patterns or potential threats. While VPC Flow Logs provide information about the IP traffic going to and from network interfaces in your VPC, they are not specific to DNS queries and do not offer the detailed query-level insights necessary for tracking DNS activity. Logging through CloudTrail is focused on API activity and does not capture real-time DNS queries. Additionally, Lex and Polly integration are services that provide natural language processing capabilities and speech synthesis, which are unrelated to DNS query tracking. Therefore, Route 53 Resolver query logging stands out as the appropriate tool for enhancing security through DNS query analysis.