A company has hundreds of AWS accounts, and a centralized Amazon S3 bucket used to collect AWS CloudTrail logs for all of these accounts. A Security Engineer wants to create a solution that will enable the company to run ad hoc queries against its CloudTrail logs dating back 3 years from when the trails were first enabled in the company's AWS account. How should the company accomplish this with the least amount of administrative overhead?
A) Run an Amazon EMR cluster that uses a MapReduce job to examine the CloudTrail trails.
B) Use the events history feature of the CloudTrail console to query the CloudTrail trails.
C) Write an AWS Lambda function to query the CloudTrail trails. Configure the Lambda function to be executed whenever a new file is created in the CloudTrail S3 bucket.
D) Create an Amazon Athena table that looks at the S3 bucket the CloudTrail trails are being written to. Use Athena to run queries against the trails.
Correct Answer:
Verified
Q175: A Security Engineer creates an Amazon S3
Q176: Authorized Administrators are unable to connect to
Q177: A company's Security Engineer is copying all
Q178: A company has multiple AWS accounts that
Q179: A company's Information Security team wants to
Q181: Which of the following are valid configurations
Q182: A company is setting up products to
Q183: A company's director of information security wants
Q184: An external auditor finds that a company's
Q185: A company's on-premises data center forwards DNS
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents