A company recently performed an annual security assessment of its AWS environment. The assessment showed the audit logs are not available beyond 90 days and that unauthorized changes to IAM policies are made without detection. How should a Security Engineer resolve these issues?
A) Create an Amazon S3 lifecycle policy that archives AWS CloudTrail trail logs to Amazon S3 Glacier after 90 days. Configure Amazon Inspector to provide a notification when a policy change is made to resources.
B) Configure AWS Artifact to archive AWS CloudTrail logs. Configure AWS Trusted Advisor to provide a notification when a policy change is made to resources.
C) Configure Amazon CloudWatch to export log groups to Amazon S3. Configure AWS CloudTrail to provide a notification when a policy change is made to resources.
D) Create an AWS CloudTrail trail that stores audit logs in Amazon S3. Configure an AWS Config rule to provide a notification when a policy change is made to resources.
Correct Answer:
Verified