A Security Engineer is defining the logging solution for a newly developed product. Systems Administrators and Developers need to have appropriate access to event log files in AWS CloudTrail to support and troubleshoot the product. Which combination of controls should be used to protect against tampering with and unauthorized access to log files? (Choose two.)
A) Ensure that the log file integrity validation mechanism is enabled.
B) Ensure that all log files are written to at least two separate Amazon S3 buckets in the same account.
C) Ensure that Systems Administrators and Developers can edit log files, but prevent any other access.
D) Ensure that Systems Administrators and Developers with job-related need-to-know requirements only are capable of viewing-but not modifying-the log files.
E) Ensure that all log files are stored on Amazon EC2 instances that allow SSH access from the internal corporate network only.
Correct Answer:
Verified
Q66: A company is building a data lake
Q67: A Security Engineer must implement mutually authenticated
Q68: The AWS Systems Manager Parameter Store is
Q69: A company uses user data scripts that
Q70: A Security Engineer is building a Java
Q72: An application uses Amazon Cognito to manage
Q73: An Amazon S3 bucket is encrypted using
Q74: A Security Engineer is working with a
Q75: The Accounting department at Example Corp. has
Q76: A company uses identity federation to authenticate
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents