AWS Certified Security – Specialty (SCS-C02) — Question 183

AWS CloudTrail is being used to monitor API calls in an organization. An audit revealed that CloudTrail is failing to deliver events to Amazon S3 as expected.

What initial actions should be taken to allow delivery of CloudTrail events to S3? (Choose two.)

Answer options

• A. Verify that the S3 bucket policy allows CloudTrail to write objects.
• B. Verify that the IAM role used by CloudTrail has access to write to Amazon CloudWatch Logs.
• C. Remove any lifecycle policies on the S3 bucket that are archiving objects to S3 Glacier Flexible Retrieval.
• D. Verify that the S3 bucket defined in CloudTrail exists.
• E. Verify that the log file prefix defined in CloudTrail exists in the S3 bucket.

Correct answer: A, D

Explanation

Option A is correct because the S3 bucket policy must explicitly allow CloudTrail to write objects to the bucket. Option D is also correct as CloudTrail requires the specified S3 bucket to exist in order to deliver events. Options B, C, and E are not relevant to the immediate issue of event delivery to S3.