A company's AWS CloudTrail logs are all centrally stored in an Amazon S3 bucket. The security team controls the company's AWS account. The security team must prevent unauthorized access and tampering of the CloudTrail logs. Which combination of steps should the security team take? (Choose three.)
A) Configure server-side encryption with AWS KMS managed encryption keys (SSE-KMS)
B) Compress log file with secure gzip.
C) Create an Amazon EventBridge (Amazon CloudWatch Events) rule to notify the security team of any modifications on CloudTrail log files.
D) Implement least privilege access to the S3 bucket by configuring a bucket policy.
E) Configure CloudTrail log file integrity validation.
F) Configure Access Analyzer for S3.
Correct Answer:
Verified
Q241: An ecommerce website was down for 1 hour
Q242: A company is hosting multiple applications within
Q243: Users report intermittent availability of a web
Q244: A company is using AWS Organizations to
Q245: A company's architecture requires that its three
Q247: A company needs to encrypt all of
Q248: A company is building an application on
Q249: A company uses an external identity provider
Q250: A company wants to deploy a distributed
Q251: A city is implementing an election results
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents