SCS-C02 · Question #342
SCS-C02 Question #342: Real Exam Question with Answer & Explanation
The correct answer is B: Monitor the S3 API calls by using Cloudtrail logging. The AWS Documentation mentions the following Amazon S3 is integrated with AWS CloudTrail. CloudTrail is a service that captures specific API calls made to Amazon S3 from your AWS account and delivers the log files to an Amazon S3 bucket that you specify. It captures API calls mad
Question
Your company has defined a set of S3 buckets in AWS. They need to monitor the S3 buckets and know the source IP address and the person who make requests to the S3 bucket. How can this be achieved?
Options
- AEnable VPC flow logs to know the source IP addresses
- BMonitor the S3 API calls by using Cloudtrail logging
- CMonitor the S3 API calls by using Cloudwatch logging
- DEnable AWS Inspector for the S3 bucket
Explanation
The AWS Documentation mentions the following Amazon S3 is integrated with AWS CloudTrail. CloudTrail is a service that captures specific API calls made to Amazon S3 from your AWS account and delivers the log files to an Amazon S3 bucket that you specify. It captures API calls made from the Amazon S3 console or from the Amazon S3 API. Using the information collected by CloudTrail, you can determine what request was made to Amazon S3, the source IP address from which the request was made, who made the request when it was made, and so on Options A,C and D are invalid because these services cannot be used to get the source IP address of the calls to S3 buckets https://docs.aws.amazon.com/AmazonS3/latest/dev/cloudtrail-logeins.html
Community Discussion
No community discussion yet for this question.