A company is using AWS Organizations to create OUs for its accounts. The company has more than 20 accounts that are all part of the OUs. A security engineer must implement a solution to ensure that no account can stop log file delivery to AWS CloudTrail. Which solution will meet this requirement?

Topic #: - All AWS Certified Security - Specialty Questions

A. Use the –is-multi-region-trail option while running the create-trail command to ensure that logs are configured across all AWS Regions.
B. Create an SCP that includes a Deny rule for the cloudtrail:StopLogging action. Apply the SCP to all accounts in the OUs.
C. Create an SCP that includes an Allow rule for the cloudtrail:StopLogging action. Apply the SCP to all accounts in the OUs.
D. Use AWS Systems Manager to ensure that CloudTrail is always turned on.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

A company is using AWS Organizations to create OUs for its accounts. The company has more than 20 accounts that are all part of the OUs. A security engineer must implement a solution to ensure that no account can stop log file delivery to AWS CloudTrail. Which solution will meet this requirement?

Suggested Answer:

Reference Material:

A company is using AWS Organizations to create OUs for its accounts. The company has more than 20 accounts that are all part of the OUs. A security engineer must implement a solution to ensure that no account can stop log file delivery to AWS CloudTrail. Which solution will meet this requirement?

Suggested Answer:

Reference Material:

Share this post

Join the Discussion