DOP-C02 Question #304: Real Exam Question with Answer & Explanation
The correct answer is B: Create an AWS CloudTrail organization trail that is delivered to Amazon CloudWatch in the
Question
A large company runs critical workloads in multiple AWS accounts. The AWS accounts are managed under AWS Organizations with all features enabled. The company stores confidential customer data in an Amazon S3 bucket. Access to the S3 bucket requires multiple levels of approval. The company wants to monitor when the S3 bucket is accessed by using the AWS CLI. The company also wants insights into the various activities performed by other users on all other S3 buckets in the AWS accounts to detect any issues. Which solution will meet these requirements?
Options
- A. Create an AWS CloudTrail trail that is delivered to Amazon CloudWatch in each AWS account.
- B. Create an AWS CloudTrail organization trail that is delivered to Amazon CloudWatch in the
- C. Create an AWS CloudTrail organization trail that is delivered to Amazon CloudWatch in the
- D. Create an AWS CloudTrail trail that is delivered to Amazon CloudWatch in each AWS account.
Explanation
An organization trail in AWS CloudTrail is created in the Organizations management account (or a delegated administrator account) and records API activity for every member account into a single S3 bucket and, optionally, a single CloudWatch Logs log group in that account. Centralizing delivery this way gives one place to monitor and query access across all accounts, which is simpler to govern and audit than a separate trail per account.

A trail logs only management events by default. Object-level S3 calls such as GetObject, PutObject and DeleteObject are data events and must be enabled explicitly through the trail's event selectors, either for the confidential bucket or for all S3 buckets; without them, reads of the confidential bucket are never recorded. Each record also carries the caller's userAgent, which is how access made from the AWS CLI (aws-cli/...) is distinguished from SDK or console access. Enabling data events for all S3 buckets covers the second requirement, visibility into what other users are doing on the remaining buckets. Data events are billed separately from management events and can be high-volume, so scope the selectors deliberately.

CloudWatch anomaly detection applies machine learning to metrics derived from the delivered logs (for example, request counts per bucket or per principal) and flags unusual patterns such as unexpected access to S3, without a custom anomaly-detection solution.

Amazon Athena runs SQL queries directly against the CloudTrail log files stored in S3. This is a serverless, scalable and cost-efficient way to investigate user activity and S3 access patterns in detail without standing up additional infrastructure.

Combining an organization trail with S3 data events, CloudWatch anomaly detection, and Athena for querying therefore meets the requirements for monitoring S3 access across all of the company's accounts.
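The detection logic the explanation describes, as an added example that is not part of the exam page and not AWS sample code: it takes the records from one organization-trail log file, flags data events on a confidential bucket whose userAgent identifies the AWS CLI, and summarises what every principal did on all other buckets. It assumes the log file has already been fetched and gunzipped; the bucket name, account IDs, principals and records are constructed for illustration.

```python
"""Triage of CloudTrail S3 data events. Added example, not from the exam page or AWS:
assumes the organization trail's log files ({"Records": [...]} JSON, gunzipped) are
already read; accounts, principals and bucket names below are constructed."""
import json
from collections import Counter, defaultdict

CONFIDENTIAL_BUCKET = "acme-customer-pii"  # hypothetical bucket name

def _record(account, arn, event_name, bucket, key, user_agent):
    """Minimal CloudTrail S3 data-event record (constructed sample)."""
    return {
        "userIdentity": {"type": "IAMUser", "arn": arn, "accountId": account},
        "eventTime": "2024-05-01T10:15:00Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": event_name,
        "sourceIPAddress": "203.0.113.10",
        "userAgent": user_agent,
        "requestParameters": {"bucketName": bucket, "key": key},
        "resources": [
            {"type": "AWS::S3::Object", "ARN": f"arn:aws:s3:::{bucket}/{key}"},
            {"accountId": account, "type": "AWS::S3::Bucket", "ARN": f"arn:aws:s3:::{bucket}"},
        ],
        "eventCategory": "Data",
        "recipientAccountId": account,
    }

CLI_AGENT = "aws-cli/2.15.30 Python/3.11.8 Linux/6.5.0 exe/x86_64 prompt/off command/s3.cp"
SDK_AGENT = "[Boto3/1.34.50 md/Botocore#1.34.50 ua/2.0 os/linux python/3.11.8]"
ALICE = "arn:aws:iam::111111111111:user/alice"
BOB = "arn:aws:iam::222222222222:user/bob"
APP = "arn:aws:sts::222222222222:assumed-role/billing-app/i-0abc123"

# CloudTrail can deliver a record without requestParameters; this one exercises the ARN fallback.
_no_params = _record("111111111111", ALICE, "PutObject", CONFIDENTIAL_BUCKET, "notes.txt", CLI_AGENT)
_no_params["requestParameters"] = None

# Constructed log file body; an organization trail mixes member accounts in one file.
SAMPLE_LOG = json.dumps({"Records": [
    _record("111111111111", ALICE, "GetObject", CONFIDENTIAL_BUCKET, "customers/2024.csv", CLI_AGENT),
    _record("222222222222", APP, "GetObject", CONFIDENTIAL_BUCKET, "customers/2024.csv", SDK_AGENT),
    _record("222222222222", BOB, "DeleteObject", "acme-app-logs", "2024/05/01.log", CLI_AGENT),
    _record("222222222222", BOB, "DeleteObject", "acme-app-logs", "2024/05/02.log", CLI_AGENT),
    _record("222222222222", APP, "PutObject", "acme-app-logs", "2024/05/03.log", SDK_AGENT),
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",  # not S3: ignored
     "eventCategory": "Management", "userAgent": CLI_AGENT, "userIdentity": {"arn": ALICE}},
    _no_params,
]})

def load_records(log_body):
    """Parse one CloudTrail log file body into its list of records."""
    return json.loads(log_body).get("Records", [])

def is_aws_cli(user_agent):
    """AWS CLI v1 and v2 both send a User-Agent starting 'aws-cli/'. The header is
    client-supplied, so treat a match as an indicator rather than proof."""
    return user_agent.startswith("aws-cli/")

def bucket_of(record):
    """Bucket from requestParameters.bucketName, else from the AWS::S3::Bucket resource ARN."""
    params = record.get("requestParameters") or {}
    if params.get("bucketName"):
        return params["bucketName"]
    for res in record.get("resources") or []:
        if res.get("type") == "AWS::S3::Bucket":
            return res["ARN"].split(":::", 1)[1]
    return None

def actor_of(record):
    ident = record.get("userIdentity") or {}
    return ident.get("arn") or ident.get("principalId") or "unknown"

def triage(records, confidential_bucket):
    """Return (cli_hits, other_activity): AWS CLI data events on the confidential
    bucket, and bucket -> Counter((account, actor, eventName)) for every other bucket."""
    cli_hits = []
    other_activity = defaultdict(Counter)
    for rec in records:
        if rec.get("eventSource") != "s3.amazonaws.com" or rec.get("eventCategory") != "Data":
            continue
        bucket = bucket_of(rec)
        if bucket is None:
            continue
        if bucket == confidential_bucket:
            if is_aws_cli(rec.get("userAgent", "")):
                cli_hits.append({"time": rec.get("eventTime"), "account": rec.get("recipientAccountId"),
                                 "actor": actor_of(rec), "event": rec.get("eventName"),
                                 "key": (rec.get("requestParameters") or {}).get("key"),
                                 "source_ip": rec.get("sourceIPAddress")})
        else:
            key = (rec.get("recipientAccountId"), actor_of(rec), rec.get("eventName"))
            other_activity[bucket][key] += 1
    return cli_hits, other_activity

if __name__ == "__main__":
    hits, activity = triage(load_records(SAMPLE_LOG), CONFIDENTIAL_BUCKET)
    print(len(hits), "CLI accesses to", CONFIDENTIAL_BUCKET, "; other activity:", dict(activity))
```

In production the same records come from the trail's S3 bucket (one gzipped object per delivery) or from the CloudWatch Logs log group, and the same filter is expressed in Athena as a predicate on the useragent column (LIKE 'aws-cli/%') over the CloudTrail table. The SDK access to the confidential bucket is deliberately not flagged, since the question asks about CLI access; the user agent is set by the client, so a determined caller can change it, and the per-bucket summary is what catches activity that does not announce itself.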