AWS Certified Security – Specialty — Question 225
A security engineer needs to build a solution to turn AWS CloudTrail back on in multiple AWS Regions in case it is ever turned off.
What is the MOST efficient way to implement this solution?
Answer options
- A. Use AWS Config with a managed rule to trigger the AWS-EnableCloudTrail remediation.
- B. Create an Amazon EventBridge (Amazon CloudWatch Events) event with a cloudtrail.amazonaws.com event source and a StartLogging event name to trigger an AWS Lambda function to call the StartLogging API.
- C. Create an Amazon CloudWatch alarm with a cloudtrail.amazonaws.com event source and a StopLogging event name to trigger an AWS Lambda function to call the StartLogging API.
- D. Monitor AWS Trusted Advisor to ensure CloudTrail logging is enabled.
Correct answer: C
Explanation
The correct answer is C because matching the StopLogging event name from the cloudtrail.amazonaws.com event source triggers a Lambda function that calls the StartLogging API as soon as logging is stopped, restoring logging automatically. Options A and B do not provide the same level of direct response to the logging status, while D relies on manual monitoring rather than automatic remediation.