SAA-C03 · Question #379
SAA-C03 Question #379: Real Exam Question with Answer & Explanation
The correct answer is A: Enable CloudTrail log file validation.. CloudTrail log file validation ensures that the log files have not been altered or deleted after delivery, providing an immutable audit log. Using KMS-managed encryption keys for CloudTrail log files adds another layer of data security, and AWS Config can monitor compliance to en
Question
A company wants to migrate its accounting system from an on-premises data center to the AWS Cloud in a single AWS Region. Data security and an immutable audit log are the top priorities. The company must monitor all AWS activities for compliance auditing. The company has enabled AWS CloudTrail but wants to make sure it meets these requirements. Which actions should a solutions architect take to protect and secure CloudTrail? (Select TWO.)
Options
- AEnable CloudTrail log file validation.
- BInstall the CloudTrail Processing Library.
- CEnable logging of Insights events in CloudTrail.
- DEnable custom logging from the on-premises resources.
- ECreate an AWS Config rule to monitor whether CloudTrail is configured to use server-side
Explanation
CloudTrail log file validation ensures that the log files have not been altered or deleted after delivery, providing an immutable audit log. Using KMS-managed encryption keys for CloudTrail log files adds another layer of data security, and AWS Config can monitor compliance to ensure this security is always enforced.
Community Discussion
No community discussion yet for this question.