A company manages multiple AWS accounts using AWS Organizations. The company's security team notices that some member accounts are not sending AWS CloudTrail logs to a centralized Amazon S3 logging bucket. The security team wants to ensure there is at least one trail configured for all existing accounts and for any account that is created in the future. Which set of actions should the security team implement to accomplish this?
A) Create a new trail and configure it to send CloudTrail logs to Amazon S3. Use Amazon EventBridge (Amazon CloudWatch Events) to send notification if a trail is deleted or stopped.
B) Deploy an AWS Lambda function in every account to check if there is an existing trail and create a new trail, if needed.
C) Edit the existing trail in the Organizations master account and apply it to the organization.
D) Create an SCP to deny the cloudtrail:Delete* and cloudtrail:Stop* actions. Apply the SCP to all accounts.
Correct Answer: