Multiple Choice
A recent security audit found that AWS CloudTrail logs are insufficiently protected from tampering and unauthorized access. Which actions must the Security Engineer take to access these audit findings? (Choose three.)
A) Ensure CloudTrail log file validation is turned on.
B) Configure an S3 lifecycle rule to periodically archive CloudTrail logs into Glacier for long-term storage.
C) Use an S3 bucket with tight access controls that exists in a separate account.
D) Use Amazon Inspector to monitor the file integrity of CloudTrail log files.
E) Request a certificate through ACM and use a generated certificate private key to encrypt CloudTrail log files.
F) Encrypt the CloudTrail log files with server-side encryption AWS KMS-managed keys (SSE-KMS) .
Correct Answer:
Verified
Correct Answer:
Verified
Q80: A financial institution has the following security
Q81: A Security Engineer is working with a
Q82: A threat assessment has identified a risk
Q83: An organization is using Amazon CloudWatch Logs
Q84: The Security Engineer for a mobile game
Q86: An audit determined that a company's Amazon
Q87: An organization wants to log all AWS
Q88: Example.com is hosted on Amazon EC2 instance
Q89: A company website runs on Amazon EC2
Q90: A company's Information Security team wants to