A recent security audit found that AWS CloudTrail logs are insufficiently protected from tampering and unauthorized access. Which actions must the Security Engineer take to access these audit findings? (Choose three.)
A) Ensure CloudTrail log file validation is turned on.
B) Configure an S3 lifecycle rule to periodically archive CloudTrail logs into Glacier for long-term storage.
C) Use an S3 bucket with tight access controls that exists in a separate account.
D) Use Amazon Inspector to monitor the file integrity of CloudTrail log files.
E) Request a certificate through ACM and use a generated certificate private key to encrypt CloudTrail log files.
F) Encrypt the CloudTrail log files with server-side encryption AWS KMS-managed keys (SSE-KMS) .
Correct Answer:
Verified
Q77: A Security Engineer is implementing a solution
Q78: To meet regulatory requirements, a Security Engineer
Q79: A company's security policy requires that VPC
Q80: An AWS Lambda function was misused to
Q81: A company is developing a highly resilient
Q83: A company is operating an open-source software
Q84: A company is migrating its legacy workloads
Q85: For compliance reasons, a Security Engineer must
Q86: A company has an encrypted Amazon S3
Q87: An Application team has requested a new
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents