🔥 3-day streak
AWS Certified Security - Specialty26 / 184
Question 26 of 184
A security analyst uses CloudWatch Logs Insights to investigate a suspected credential-stuffing attack against an application. The application writes JSON-formatted logs to a log group that contains 90 days of data across dozens of streams. The analyst runs a query filtering for failed authentication events over the last 24 hours, but the queries consistently time out or return very slowly, and the team is concerned about the cost of repeatedly scanning the full dataset. Which change will MOST effectively reduce query latency and cost while preserving the ability to investigate this incident?
Reviewed for accuracy · Report an issueNext question