SCS-C02 · Question #400
SCS-C02 Question #400: Real Exam Question with Answer & Explanation
The correct answer is A: Don't do anything since CloudTrail logs are automatically encrypted.. The AWS Documentation mentions the following By default the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE- S3) Option B,C and D are all invalid because by default all logs are encrypted
Question
You need to ensure that the cloudtrail logs which are being delivered in your AWS account is encrypted. How can this be achieved in the easiest way possible?
Options
- ADon't do anything since CloudTrail logs are automatically encrypted.
- BEnable S3-SSE for the underlying bucket which receives the log files
- CEnable S3-KMS for the underlying bucket which receives the log files
- DEnable KMS encryption for the logs which are sent to Cloudwatch
Explanation
The AWS Documentation mentions the following By default the log files delivered by CloudTrail to your bucket are encrypted by Amazon server-side encryption with Amazon S3-managed encryption keys (SSE- S3) Option B,C and D are all invalid because by default all logs are encrypted when they sent by Cloudtrail to S3 buckets https://docs.aws.amazon.com/awscloudtrail/latest/usereuide/encryptine-cloudtrail-loe-files-with-
Community Discussion
No community discussion yet for this question.