AWS Certified Security – Specialty — Question 8
A security team is responsible for reviewing AWS API call activity in the cloud environment for security violations. These events must be recorded and retained in a centralized location for both current and future AWS regions.
What is the SIMPLEST way to meet these requirements?
Answer options
- A. Enable AWS Trusted Advisor security checks in the AWS Console, and report all security incidents for all regions.
- B. Enable AWS CloudTrail by creating individual trails for each region, and specify a single Amazon S3 bucket to receive log files for later analysis.
- C. Enable AWS CloudTrail by creating a new trail and applying the trail to all regions. Specify a single Amazon S3 bucket as the storage location.
- D. Enable Amazon CloudWatch logging for all AWS services across all regions, and aggregate them to a single Amazon S3 bucket for later analysis.
Correct answer: C
Explanation
The correct answer is C. A single AWS CloudTrail trail applied to all regions records API calls from every region, including regions launched later, and delivers the log files to one Amazon S3 bucket, so there is only one trail to manage and all API calls are logged in one place. Option A does not log API calls; it only checks for security incidents. Option B requires creating multiple trails, which complicates the setup. Option D focuses on CloudWatch, which is not specifically designed for capturing AWS API call activity.