A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account's Amazon S3 bucket. Moving forward, how can the SysOps Administrator confirm that the log files have not been modified after being delivered to the S3 bucket.
A) Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
B) Enable log file integrity validation and use digest files to verify the hash value of the log file.
C) Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
D) Enable S3 server access logging to track requests made to the log bucket for security audits.
Correct Answer:
Verified
Q362: A company backs up data from its
Q363: A SysOps Administrator is required to monitor
Q364: An application is running on multiple EC2
Q365: A company has deployed a fleet of
Q366: An application accesses data through a file
Q368: A SysOps Administrator launched an Amazon EC2
Q369: A SysOps Administrator has been tasked with
Q370: A SysOps Administrator is managing a Memcached
Q371: A company is using an AWS KMS
Q372: A company has Sales department and Marketing
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents