AWS Certified Security – Specialty (SCS-C02) — Question 154
A security engineer needs to build a solution to turn AWS CloudTrail back on in multiple AWS Regions in case it is ever turned off.
What is the MOST efficient way to implement this solution?
Answer options
- A. Use AWS Config with a managed rule to initiate the AWS-EnableCloudTrail remediation.
- B. Create an Amazon EventBridge event with a cloudtrail.amazonaws.com event source and a StartLogging event name to invoke an AWS Lambda function to call the StartLogging API.
- C. Create an Amazon CloudWatch alarm with a cloudtrail.amazonaws.com event source and a StopLogging event name to invoke an AWS Lambda function to call the StartLogging API.
- D. Monitor AWS Trusted Advisor to ensure CloudTrail logging is enabled.
Correct answer: A
Explanation
The correct answer, A, is the most efficient: AWS Config with a managed rule automates the remediation process across multiple Regions. Option B, while functional, requires additional setup with EventBridge and Lambda, making it less efficient. Options C and D do not provide a direct, automatic method for re-enabling CloudTrail logging.