AWS SAP-C02 · Question 38 · Domain 1.2: Security Controls
An enterprise has a strict regulatory requirement that all API calls made within their AWS environment must be logged, and these logs must be stored in a centralized, highly secure account. The logs must be cryptographically verifiable to prove they have not been tampered with. How should this be configured?
Answer options:
Enable AWS Config in all accounts and send the configuration history to Amazon S3.
Create an AWS CloudTrail organization trail, send logs to an S3 bucket in a dedicated Log Archive account, and enable CloudTrail log file validation.
Use Amazon CloudWatch Logs agent on all EC2 instances to send logs to a central account.
Enable VPC Flow Logs in all accounts and store them in Amazon S3 with Object Lock.