AWS Certified Security – Specialty (SCS-C02) — Question 199
A security team is responsible for reviewing AWS API call activity in the cloud environment for security violations. These events must be recorded and retained in a centralized location for both current and future AWS regions.
What is the SIMPLEST way to meet these requirements?
Answer options
- A. Enable AWS Trusted Advisor security checks in the AWS Console, and report all security incidents for all regions.
- B. Enable AWS CloudTrail by creating individual trails for each region, and specify a single Amazon S3 bucket to receive log files for later analysis.
- C. Enable AWS CloudTrail by creating a new trail and applying the trail to all regions. Specify a single Amazon S3 bucket as the storage location.
- D. Enable Amazon CloudWatch logging for all AWS services across all regions, and aggregate them to a single Amazon S3 bucket for later analysis.
Correct answer: C
Explanation
The correct answer is C: creating a single trail and applying it to all regions is the simplest way to record AWS API calls and store the CloudTrail logs centrally in a single S3 bucket. A trail applied to all regions also picks up regions that AWS launches later, which covers the "future regions" requirement. Option A does not meet the requirement for centralized logging. Option B requires a separate trail for each region, which complicates management. Option D relies on CloudWatch logging, which, unlike CloudTrail, is not designed specifically for tracking AWS API calls.