A Security Administrator is performing a log analysis as a result of a suspected AWS account compromise. The Administrator wants to analyze suspicious AWS CloudTrail log files but is overwhelmed by the volume of audit logs being generated. What approach enables the Administrator to search through the logs MOST efficiently?
A) Implement a "write-only" CloudTrail event filter to detect any modifications to the AWS account resources.
B) Configure Amazon Macie to classify and discover sensitive data in the Amazon S3 bucket that contains the CloudTrail audit logs.
C) Configure Amazon Athena to read from the CloudTrail S3 bucket and query the logs to examine account activities.
D) Enable Amazon S3 event notifications to trigger an AWS Lambda function that sends an email alarm when there are new CloudTrail API entries.
Correct Answer:
Verified
Q2: During a recent internal investigation, it was
Q3: A Security Engineer has created an Amazon
Q4: An organization wants to deploy a three-tier
Q5: An application has a requirement to be
Q6: A Security Engineer must design a solution
Q7: A Security Administrator has a website hosted
Q8: A water utility company uses a number
Q9: A threat assessment has identified a risk
Q10: An organization has a system in AWS
Q11: An organization policy states that all encryption
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents