AmazonAmazon
SCS-C02 · Question #26
SCS-C02 Question #26: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #26. The question stem and answer options stay visible for context.
Submitted by rohit_dlh· Mar 6, 2026
Question
A company's AWS CloudTrail logs are all centrally stored in an Amazon S3 bucket. The security team controls the company's AWS account. The security team must prevent unauthorized access and tampering of the CloudTrail logs. Which combination of steps should the security team take? (Choose three.)
Options
- AConfigure server-side encryption with AWS KMS managed encryption keys (SSE-KMS).
- BCompress log files with secure gzip.
- CCreate an Amazon EventBridge rule to notify the security team of any modifications on CloudTrail
- DImplement least privilege access to the S3 bucket by configuring a bucket policy.
- EConfigure CloudTrail log file integrity validation.
- FConfigure Access Analyzer for S3.
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.