AWS Certified Security – Specialty (SCS-C02) — Question 22

A startup company is using a single AWS account that has resources in a single AWS Region. A security engineer configures an AWS CloudTrail trail in the same Region to deliver log files to an Amazon S3 bucket by using the AWS CLI.
Because of expansion, the company adds resources in multiple Regions. The security engineer notices that the logs from the new Regions are not reaching the S3 bucket.
What should the security engineer do to fix this issue with the LEAST amount of operational overhead?

Answer options

• A. Create a new CloudTrail trail. Select the new Regions where the company added resources.
• B. Change the S3 bucket to receive notifications to track all actions from all Regions.
• C. Create a new CloudTrail trail that applies to all Regions.
• D. Change the existing CloudTrail trail so that it applies to all Regions.

Correct answer: D

Explanation

The correct answer is D because modifying the existing CloudTrail trail to apply to all Regions allows for a centralized log collection without the need to create a new trail, thus reducing operational overhead. Options A and C involve creating new trails, which adds unnecessary complexity, and option B does not address the configuration of CloudTrail itself, making it ineffective for this issue.