Multiple Choice
A company recently performed an annual security assessment of its AWS environment. The assessment showed the audit logs are not available beyond 90 days and that unauthorized changes to IAM policies are made without detection. How should a Security Engineer resolve these issues?
A) Create an Amazon S3 lifecycle policy that archives AWS CloudTrail trail logs to Amazon S3 Glacier after 90 days. Configure Amazon Inspector to provide a notification when a policy change is made to resources.
B) Configure AWS Artifact to archive AWS CloudTrail logs. Configure AWS Trusted Advisor to provide a notification when a policy change is made to resources.
C) Configure Amazon CloudWatch to export log groups to Amazon S3. Configure AWS CloudTrail to provide a notification when a policy change is made to resources.
D) Create an AWS CloudTrail trail that stores audit logs in Amazon S3. Configure an AWS Config rule to provide a notification when a policy change is made to resources.
Correct Answer:
Verified
Correct Answer:
Verified
Q185: A company's security policy requires that VPC
Q186: In response to the past DDoS attack
Q187: A developer reported that AWS CloudTrail was
Q188: A Security Engineer for a large company
Q189: A company uses multiple AWS accounts managed
Q191: An organization has tens of applications deployed
Q192: A security engineer has noticed that VPC
Q193: A company's director of information security wants
Q194: A company's development team is designing an
Q195: After multiple compromises of its Amazon EC2