You currently operate a web application in the AWS US-East region. The application runs
on an auto-scaled layer of EC2 instances and an RDS Multi-AZ database. Your IT security
compliance officer has tasked you to develop a reliable and durable logging solution to
track changes made to your EC2, IAM, and RDS resources. The solution must ensure the
integrity and confidentiality of your log data. Which of these solutions would you
recommend?
A. Create a new CloudTrail trail with an existing S3 bucket to store the logs and with the
global services option selected. Use S3 ACLs and Multi Factor Authentication (MFA)
Delete on the S3 bucket that stores your logs.
B. Create a new CloudTrail trail with one new S3 bucket to store the logs. Configure SNS
to send log file delivery notifications to your management system. Use IAM roles and S3
bucket policies on the S3 bucket that stores your logs.
C. Create three new CloudTrail trails with three new S3 buckets to store the logs: one for
the AWS Management Console, one for AWS SDKs, and one for command line tools. Use
IAM roles and S3 bucket policies on the S3 buckets that store your logs.
D. Create a new CloudTrail trail with one new S3 bucket to store the logs and with the
global services option selected. Use IAM roles, S3 bucket policies, and Multi Factor
Authentication (MFA) Delete on the S3 bucket that stores your logs.
Answer: D