A company has five AWS accounts and wants to use AWS CloudTrail to log API calls. The log files must be stored in an Amazon S3 bucket that resides in a new account specifically built for centralized services with a unique top-level prefix for each trail. The configuration must also enable detection of any modification to the logs. Which of the following steps will implement these requirements? (Choose three.)
A) Create a new S3 bucket in a separate AWS account for centralized storage of CloudTrail logs, and enable "Log File Validation" on all trails.
B) Use an existing S3 bucket in one of the accounts, apply a bucket policy to the new centralized S3 bucket that permits the CloudTrail service to use the "s3:PutObject" action and the "s3:GetBucketACL" action, and specify the appropriate resource ARNs for the CloudTrail trails.
C) Apply a bucket policy to the new centralized S3 bucket that permits the CloudTrail service to use the "s3:PutObject" action and the "s3:GetBucketACL" action, and specify the appropriate resource ARNs for the CloudTrail trails.
D) Use unique log file prefixes for trails in each AWS account.
E) Configure CloudTrail in the centralized account to log all accounts to the new centralized S3 bucket.
F) Enable encryption of the log files by using AWS Key Management Service.
Correct Answer:
Verified