SCS-C02 · Question #14
SCS-C02 Question #14: Real Exam Question with Answer & Explanation
The correct answer is C: Edit the existing trail in the Organizations management account and apply it to the organization.. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html
Question
A company manages multiple AWS accounts using AWS Organizations. The company's security team notices that some member accounts are not sending AWS CloudTrail logs to a centralized Amazon S3 logging bucket. The security team wants to ensure there is at least one trail configured for all existing accounts and for any account that is created in the future. Which set of actions should the security team implement to accomplish this?
Options
- ACreate a new trail and configure it to send CloudTrail logs to Amazon S3. Use Amazon
- BDeploy an AWS Lambda function in every account to check if there is an existing trail and create
- CEdit the existing trail in the Organizations management account and apply it to the organization.
- DCreate an SCP to deny the cloudtrail:Delete* and cloudtrail:Stop* actions. Apply the SCP to all
Explanation
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html
Community Discussion
No community discussion yet for this question.