Medium · 1 mark · Multiple Choice
Domain 1.2: Secure Workloads · Domain 1 · CloudTrail · Security

AWS SAA-C03 · Question 10 · Domain 1.2: Secure Workloads

A company requires strict auditing of its AWS environment. They need to record all API calls and ensure that the log files have not been tampered with after creation. Which TWO features should be enabled? (Select TWO.)

Answer options:

A. Enable AWS CloudTrail.

B. Enable AWS Config.

C. Enable CloudTrail log file validation.

D. Enable S3 Object Lock in governance mode.

E. Enable Amazon CloudWatch Logs.

How to approach this question

Identify the service for API logging (CloudTrail) and its native feature for integrity (log file validation).

Full Answer

Enable AWS CloudTrail and CloudTrail log file validation.
AWS CloudTrail records API activity. By enabling CloudTrail log file validation, AWS creates a digitally signed digest file, allowing you to verify that log files remained unchanged since CloudTrail delivered them.

Common mistakes

Choosing AWS Config instead of CloudTrail for API logging.
