Which of the following is the most efficient way to automate the encryption of AWS CloudTrail logs using a Customer Master Key (CMK) in AWS KMS?
A) Use the KMS direct encrypt function on the log data every time a CloudTrail log is generated.
B) Use the default Amazon S3 server-side encryption with S3-managed keys to encrypt and decrypt the CloudTrail logs.
C) Configure CloudTrail to use server-side encryption using KMS-managed keys to encrypt and decrypt CloudTrail logs.
D) Use encrypted API endpoints so that all AWS API calls generate encrypted CloudTrail log entries using the TLS certificate from the encrypted API call.
Correct Answer:
Verified
Q45: A company runs an application on AWS
Q46: A Systems Administrator has written the following
Q47: A Security Analyst attempted to troubleshoot the
Q48: An organization operates a web application that
Q49: An application has been built with Amazon
Q51: The Security Engineer has discovered that a
Q52: An organization is using AWS CloudTrail, Amazon
Q53: A Security Architect is evaluating managed solutions
Q54: A company has a forensic logging use
Q55: A company has two AWS accounts, each
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents