Amazon Exam AWS-Security-Specialty Topic 2 Question 3 Discussion

Actual exam question for Amazon's AWS-Security-Specialty exam

Question #: 3
Topic #: 2

A company has five AWS accounts and wants to use AWS CloudTrail to log API calls. The log files must be stored in an Amazon S3 bucket that resides in a new account specifically built for centralized services with a unique top-level prefix for each trail. The configuration must also enable detection of any modification to the logs.

Which of the following steps will implement these requirements? (Choose three.)

ACreate a new S3 bucket in a separate AWS account for centralized storage of CloudTrail logs, and enable ''Log File Validation'' on all trails.

BUse an existing S3 bucket in one of the accounts, apply a bucket policy to the new centralized S3 bucket that permits the CloudTrail service to use the 's3: PutObject' action and the 's3 GetBucketACL' action, and specify the appropriate resource ARNs for the CloudTrail trails.

CApply a bucket policy to the new centralized S3 bucket that permits the CloudTrail service to use the 's3 PutObject' action and the 's3 GelBucketACL' action, and specify the appropriate resource ARNs for the CloudTrail trails.

DUse unique log file prefixes for trails in each AWS account.

EConfigure CloudTrail in the centralized account to log all accounts to the new centralized S3 bucket.

FEnable encryption of the log files by using AWS Key Management Service

Show Suggested Answer

Suggested Answer: B, E, F

by Brittni at Dec 26, 2022, 07:19 AM

Limited Time Offer

25%

Off

Get Premium AWS-Security-Specialty Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!