An organization wants to log all AWS API calls made within all of its AWS accounts, and must have a central place to analyze these logs. What steps should be taken to meet these requirements in the MOST secure manner? (Choose two.)
A) Turn on AWS CloudTrail in each AWS account.
B) Turn on CloudTrail in only the account that will be storing the logs.
C) Update the bucket ACL of the bucket in the account that will be storing the logs so that other accounts can log to it.
D) Create a service-based role for CloudTrail and associate it with CloudTrail in each account.
E) Update the bucket policy of the bucket in the account that will be storing the logs so that other accounts can log to it.
Correct Answer:
Verified
Q158: A company is developing a highly resilient
Q159: A Security Engineer discovers that developers have
Q160: A company had one of its Amazon
Q161: A company's Security Engineer has been tasked
Q162: A company has an application hosted in
Q164: A company recently performed an annual security
Q165: After multiple compromises of its Amazon EC2
Q166: A company uses Microsoft Active Directory for
Q167: A company plans to use custom AMIs
Q168: A Security Engineer accidentally deleted the imported
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents