A company has five AWS accounts and wants to use AWS CloudTrail to log API calls. The log…

Question

A company has five AWS accounts and wants to use AWS CloudTrail to log API calls. The log files must be stored in an Amazon S3 bucket that resides in a new account specifically built for centralized services with a unique top-level prefix for each trail. The configuration must also enable detection of any modification to the logs.
Which of the following steps will implement these requirements? (Choose three.)

Accepted Answer

Correct answer: A, C, D. A. Create a new S3 bucket in a separate AWS account for centralized storage of CloudTrail logs, and enable ג€Log File Validationג€ on all trails. — C. Apply a bucket policy to the new centralized S3 bucket that permits the CloudTrail service to use the "s3 PutObject" action and the "s3 GelBucketACL" action, and specify the appropriate resource ARNs for the CloudTrail trails. — D. Use unique log file prefixes for trails in each AWS account. — To securely centralize CloudTrail logs across multiple accounts, a new S3 bucket must be created in the dedicated central account with a bucket policy (C) that allows the CloudTrail service to write logs ('s3:PutObject') and read ACLs ('s3:GetBucketAcl'). To organize the incoming logs from different accounts, each account's trail must be configured with a unique log prefix (D), and Log File Validation (A) must be enabled to ensure any tampering or modifications can be detected. Other options are incorrect because they either suggest using an existing non-centralized bucket (B), attempt to configure cross-account logging solely from the central account without proper trail setup in member accounts (E), or focus on encryption rather than integrity validation (F).

AWS Certified Security – Specialty — Question 496

Answer options

Correct answer: A, C, D

Explanation