An organization wants to log all AWS API calls made within all of its AWS accounts, and must have a central place to analyze these logs. What steps should be taken to meet these requirements in the MOST secure manner? (Choose two.)

Topic #: - All AWS Certified Security - Specialty Questions

A. Turn on AWS CloudTrail in each AWS account.
B. Turn on CloudTrail in only the account that will be storing the logs.
C. Update the bucket ACL of the bucket in the account that will be storing the logs so that other accounts can log to it.
D. Create a service-based role for CloudTrail and associate it with CloudTrail in each account.
E. Update the bucket policy of the bucket in the account that will be storing the logs so that other accounts can log to it.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

An organization wants to log all AWS API calls made within all of its AWS accounts, and must have a central place to analyze these logs. What steps should be taken to meet these requirements in the MOST secure manner? (Choose two.)

Suggested Answer:

Share this post

Join the Discussion