AmazonAmazon
DOP-C02 · Question #307
DOP-C02 Question #307: Real Exam Question with Answer & Explanation
Sign in or unlock DOP-C02 to reveal the answer and full explanation for question #307. The question stem and answer options stay visible for context.
Submitted by jordan8· Mar 6, 2026Security and Compliance
Question
A security team wants to use AWS CloudTrail to monitor all actions and API calls in multiple accounts that are in the same organization in AWS Organizations. The security team needs to ensure that account users cannot turn off CloudTrail in the accounts. Which solution will meet this requirement?
Options
- AApply an SCP to all OUs to deny the cloudtrail:StopLogging action and the cloudtrail:DeleteTrail
- BCreate IAM policies in each account to deny the cloudtrail:StopLogging action and the
- CSet up Amazon CloudWatch alarms to notify the security team when a user disables CloudTrail in
- DUse AWS Config to automatically re-enable CloudTrail if a user disables CloudTrail in an account.
Unlock DOP-C02 to see the answer
You've previewed enough free DOP-C02 questions. Unlock DOP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.
Topics
#AWS Organizations#Service Control Policies (SCPs)#AWS CloudTrail#Security hardening#Preventive controls