AWS Certified Security – Specialty (SCS-C03) — Question 24

A startup company is using a single AWS account that has resources in a single AWS Region. A security engineer configures an AWS CloudTrail trail in the same Region to deliver log files to an Amazon S3 bucket by using the AWS CLI.
Because of expansion, the company adds resources in multiple Regions. The security engineer notices that the logs from the new Regions are not reaching the S3 bucket.
What should the security engineer do to fix this issue with the LEAST amount of operational overhead?

Answer options

• A. Create a new CloudTrail trail. Select the new Regions where the company added resources.
• B. Change the S3 bucket to receive notifications to track all actions from all Regions.
• C. Create a new CloudTrail trail that applies to all Regions.
• D. Change the existing CloudTrail trail so that it applies to all Regions.

Correct answer: D

Explanation

The correct answer is D because modifying the existing CloudTrail trail to include all Regions allows for centralized management and reduces the need for additional configurations. Options A and C would require creating new trails, which increases complexity and operational overhead. Option B does not address the CloudTrail configuration, as it focuses on S3 notifications rather than log delivery.