AWS Certified Security – Specialty — Question 106
A Security Engineer is asked to update an AWS CloudTrail log file prefix for an existing trail. When attempting to save the change in the CloudTrail console, the Security Engineer receives the following error message: `There is a problem with the bucket policy.`
What will enable the Security Engineer to save the change?
Answer options
- A. Create a new trail with the updated log file prefix, and then delete the original trail. Update the existing bucket policy in the Amazon S3 console with the new log file prefix, and then update the log file prefix in the CloudTrail console.
- B. Update the existing bucket policy in the Amazon S3 console to allow the Security Engineer's Principal to perform PutBucketPolicy, and then update the log file prefix in the CloudTrail console.
- C. Update the existing bucket policy in the Amazon S3 console with the new log file prefix, and then update the log file prefix in the CloudTrail console.
- D. Update the existing bucket policy in the Amazon S3 console to allow the Security Engineer's Principal to perform GetBucketPolicy, and then update the log file prefix in the CloudTrail console.
Correct answer: C
Explanation
The correct answer is C. The bucket policy that allows CloudTrail to write log files includes the log file prefix in its resource path, so the policy must be updated with the new prefix before CloudTrail can deliver logs to the S3 bucket and accept the change. Options A and B involve unnecessary steps or permissions that do not directly address the issue, while option D focuses on a permission that does not resolve the problem with the log file prefix.