Multiple Choice
Which of the following is the most efficient way to automate the encryption of AWS CloudTrail logs using a Customer Master Key (CMK) in AWS KMS?
A) Use the KMS direct encrypt function on the log data every time a CloudTrail log is generated.
B) Use the default Amazon S3 server-side encryption with S3-managed keys to encrypt and decrypt the CloudTrail logs.
C) Configure CloudTrail to use server-side encryption using KMS-managed keys to encrypt and decrypt CloudTrail logs.
D) Use encrypted API endpoints so that all AWS API calls generate encrypted CloudTrail log entries using the TLS certificate from the encrypted API call.
Correct Answer:
Verified
Correct Answer:
Verified
Q39: An application uses Amazon Cognito to manage
Q40: A security engineer needs to ensure their
Q41: Authorized Administrators are unable to connect to
Q42: An application outputs logs to a text
Q43: A Security Engineer has discovered that, although
Q45: A company is configuring three Amazon EC2
Q46: A Security Engineer is defining the logging
Q47: A company plans to move most of
Q48: An organization wants to be alerted when
Q49: A security engineer has noticed an unusually