AWS Certified Security – Specialty — Question 110

A recent security audit found that AWS CloudTrail logs are insufficiently protected from tampering and unauthorized access.
Which actions must the Security Engineer take to access these audit findings? (Choose three.)

Answer options

• A. Ensure CloudTrail log file validation is turned on.
• B. Configure an S3 lifecycle rule to periodically archive CloudTrail logs into Glacier for long-term storage.
• C. Use an S3 bucket with tight access controls that exists in a separate account.
• D. Use Amazon Inspector to monitor the file integrity of CloudTrail log files.
• E. Request a certificate through ACM and use a generated certificate private key to encrypt CloudTrail log files.
• F. Encrypt the CloudTrail log files with server-side encryption AWS KMS-managed keys (SSE-KMS).

Correct answer: A, C, F

Explanation

The correct answers are A, C, and F. Enabling CloudTrail log file validation (A) ensures the integrity of logs by detecting any changes. Using an S3 bucket with strict access controls in a separate account (C) enhances security by isolating access. Encrypting the log files with SSE-KMS (F) protects the data at rest. Options B, D, and E do not directly address the primary concerns of tampering and unauthorized access to the logs.