Multiple Choice
A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket. Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket.
A) Stream the CloudTrail logs to Amazon CloudWatch to store logs at a secondary location.
B) Enable log file integrity validation and use digest files to verify the hash value of the log file.
C) Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
D) Enable S3 server access logging to track requests made to the log bucket for security audits.
Correct Answer:
Verified
Correct Answer:
Verified
Q436: An AWS CloudFormation template creates an Amazon
Q437: A company is auditing their infrastructure to
Q438: An application running on Amazon EC2 instances
Q439: Amazon S3 provides a number of security
Q440: A web application's performance has been degrading.
Q442: Which of the following Identity and Access
Q443: A company has an application that is
Q444: A user is planning to evaluate AWS
Q445: An Amazon EBS volume attached to an
Q446: Elasticity is one of the benefits of