Amazon Exam SCS-C01 Topic 5 Question 22 Discussion

Actual exam question for Amazon's SCS-C01 exam

Question #: 22
Topic #: 5

A company manages multiple AWS accounts using AWS Organizations. The company's security team notices that some member accounts are not sending AWS CloudTrail logs to a centralized Amazon S3 logging bucket. The security team wants to ensure there is at least one trail configured (or all existing accounts and for any account that is created in the future.

Which set of actions should the security team implement to accomplish this?

ACreate a new trail and configure it to send CloudTrail logs to Amazon S3. Use Amazon EventBridge (Amazon CloudWatch Events) to send notification if a trail is deleted or stopped.

BDeploy an AWS Lambda function in every account to check if there is an existing trail and create a new trail, if needed.

CEdit the existing trail in the Organizations master account and apply it to the organization.

DCreate an SCP to deny the cloudtrail:Delete' and cloudtrail:Stop' actions. Apply the SCP to all accounts.

Show Suggested Answer

Suggested Answer: C

by Carin at May 08, 2022, 12:03 AM

Limited Time Offer

25%

Off

Get Premium SCS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!