A recent security audit found that AWS CloudTrail logs are insufficiently protected from tampering and unauthorized access. Which actions must the Security Engineer take to access these audit findings? (Choose three.)

Topic #: - All AWS Certified Security - Specialty Questions

A. Ensure CloudTrail log file validation is turned on.
B. Configure an S3 lifecycle rule to periodically archive CloudTrail logs into Glacier for long-term storage.
C. Use an S3 bucket with tight access controls that exists in a separate account.
D. Use Amazon Inspector to monitor the file integrity of CloudTrail log files.
E. Request a certificate through ACM and use a generated certificate private key to encrypt CloudTrail log files.
F. Encrypt the CloudTrail log files with server-side encryption AWS KMS-managed keys (SSE-KMS).

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

A recent security audit found that AWS CloudTrail logs are insufficiently protected from tampering and unauthorized access. Which actions must the Security Engineer take to access these audit findings? (Choose three.)

Suggested Answer:

Share this post

Join the Discussion