Domain 1.4: Multi-Account Environment — AWS SAP-C02 Practice Question 10

How to approach this question

Combine Organization-level features with S3 immutability features.

Full Answer

A.Create an Organization Trail in the management account. Configure it to log to the S3 bucket in the Log Archive account with S3 Object Lock enabled.✓ Correct

Create an Organization Trail in the management account. Configure it to log to the S3 bucket in the Log Archive account with S3 Object Lock enabled.

AWS Organizations integration with CloudTrail allows creating an Organization Trail that logs all accounts automatically. S3 Object Lock (WORM model) ensures the logs cannot be deleted or modified.

Common mistakes

Choosing manual trail creation which fails to scale.

An architect is designing a multi-account structure. The security team requires that all AWS CloudTrail logs from all accounts be stored in a centralized, immutable S3 bucket in a dedicated 'Log Archive' account. What is the MOST secure and scalable way to implement this?

How to approach this question

Full Answer

Common mistakes

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 2

More questions from this exam