SOA-C02 Question #357: Real Exam Question with Answer & Explanation
The correct answer is A: Enable CloudTrail log file integrity validation.
Question
A company runs an application that hosts critical data for several clients. The company uses AWS CloudTrail to track user activities on various AWS resources. To meet new security requirements, the company needs to protect the CloudTrail log files from being modified, deleted, or forged. Which solution will meet these requirements?
Options
- A. Enable CloudTrail log file integrity validation.
- B. Use Amazon S3 MFA Delete on the S3 bucket where the CloudTrail log files are stored.
- C. Use Amazon S3 Versioning to keep all versions of the CloudTrail log files.
- D. Use AWS Key Management Service (AWS KMS) security keys to secure the CloudTrail log files.
Explanation
Enable CloudTrail log file integrity validation. Validated log files are especially valuable in security and forensic investigations. For example, a validated log file enables you to assert positively that the log file itself has not changed, or that particular user credentials performed specific API activity. The CloudTrail log file integrity validation process also lets you know if a log file has been deleted or changed, or assert positively that no log files were delivered to your account during a given period of time. CloudTrail log file integrity validation uses industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing. This makes it computationally infeasible to modify, delete or forge CloudTrail log files without detection. In practice, CloudTrail delivers hourly digest files that list the SHA-256 hash of each log file, are themselves signed, and reference the previous digest, so a broken chain reveals a missing or altered file; the chain can be checked with the AWS CLI command aws cloudtrail validate-logs. The other options do not satisfy the requirement on their own: S3 MFA Delete (B) and S3 Versioning (C) make deletion harder or recoverable but cannot prove that a file was not modified or forged, and KMS encryption (D) provides confidentiality rather than a verifiable integrity guarantee. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/best-practices-security.html