AWS Certified SysOps Administrator – Associate — Question 117
A company stores sensitive data in an Amazon S3 bucket. The company must log all access attempts to the S3 bucket. The company’s risk team must receive immediate notification about any delete events.
Which solution will meet these requirements?
Answer options
- A. Enable S3 server access logging for audit logs. Set up an Amazon Simple Notification Service (Amazon SNS) notification for the S3 bucket. Select DeleteObject for the event type for the alert system.
- B. Enable S3 server access logging for audit logs. Launch an Amazon EC2 instance for the alert system. Run a cron job on the EC2 instance to download the access logs each day and to scan for a DeleteObject event.
- C. Use Amazon CloudWatch Logs for audit logs. Use Amazon CloudWatch alarms with an Amazon Simple Notification Service (Amazon SNS) notification for the alert system.
- D. Use Amazon CloudWatch Logs for audit logs. Launch an Amazon EC2 instance for the alert system. Run a cron job on the EC2 instance each day to compare the list of the items with the list from the previous day. Configure the cron job to send a notification if an item is missing.
Correct answer: A
Explanation
Option A is correct: S3 server access logging records every request made to the bucket (the audit trail), and an S3 event notification to an SNS topic fires on each object delete, which gives the risk team the immediate alert. Option B keeps the same audit logs but only scans them once a day, so a delete would be noticed up to a day late. Options C and D start from CloudWatch Logs, which does not receive S3 request logs on its own (that would need CloudTrail data events or a log-shipping step that neither option describes), and option D additionally relies on a daily comparison job rather than an event-driven alert.

Two points to keep in mind when building this in practice: server access logs are delivered on a best-effort basis and can lag by hours, so they satisfy the audit requirement, not the alerting one; and on a bucket with versioning enabled a plain delete creates a delete marker, so subscribe to s3:ObjectRemoved:* (or to both s3:ObjectRemoved:Delete and s3:ObjectRemoved:DeleteMarkerCreated) rather than s3:ObjectRemoved:Delete alone.
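As an added worked example (not part of the exam question and not AWS's own code), the following Python builds the two configurations option A calls for, checks that the notification configuration actually covers every kind of delete, and scans a few constructed server access log lines for delete operations. The bucket names, topic ARN, notification ID and log lines are assumptions; applying the configuration needs boto3 and credentials, so the apply_option_a helper is defined but not called offline.

```python
"""Option A in code: audit logging plus an event-driven delete alert, and a
detector for delete operations in S3 server access logs.
Added example; bucket names, topic ARN and log lines are constructed."""
import json
import re
from typing import Iterable

SNS_TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:risk-team-alerts"  # assumed
DATA_BUCKET = "sensitive-data-bucket"                                   # assumed
LOG_BUCKET = "sensitive-data-access-logs"                               # assumed


def logging_configuration(target_bucket: str, prefix: str = "access-logs/") -> dict:
    """BucketLoggingStatus body for s3:PutBucketLogging (server access logging)."""
    return {"LoggingEnabled": {"TargetBucket": target_bucket, "TargetPrefix": prefix}}


def sns_topic_policy(topic_arn: str, bucket: str) -> dict:
    """Topic policy letting S3 publish for this bucket only; without it the
    PutBucketNotificationConfiguration destination check fails."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "SNS:Publish",
        "Resource": topic_arn,
        "Condition": {"ArnLike": {"aws:SourceArn": f"arn:aws:s3:*:*:{bucket}"}},
    }]}


def delete_notification_configuration(topic_arn: str) -> dict:
    """NotificationConfiguration body. s3:ObjectRemoved:* fires for permanent
    deletes and for delete-marker creation on versioned buckets;
    s3:ObjectRemoved:Delete alone would miss the delete markers."""
    return {"TopicConfigurations": [
        {"Id": "risk-team-deletes", "TopicArn": topic_arn, "Events": ["s3:ObjectRemoved:*"]}
    ]}


def covers_all_deletes(config: dict) -> bool:
    """True if some unfiltered SNS destination fires for every kind of delete."""
    both = {"s3:ObjectRemoved:Delete", "s3:ObjectRemoved:DeleteMarkerCreated"}
    for topic in config.get("TopicConfigurations", []):
        if "Filter" in topic:  # prefix/suffix filters scope it to a subset of keys
            continue
        events = set(topic.get("Events", []))
        if "s3:ObjectRemoved:*" in events or both <= events:
            return True
    return False


def apply_option_a(s3_client, sns_client) -> None:
    """Apply the configuration with boto3 clients (needs credentials; not run here)."""
    sns_client.set_topic_attributes(
        TopicArn=SNS_TOPIC_ARN, AttributeName="Policy",
        AttributeValue=json.dumps(sns_topic_policy(SNS_TOPIC_ARN, DATA_BUCKET)))
    s3_client.put_bucket_logging(
        Bucket=DATA_BUCKET, BucketLoggingStatus=logging_configuration(LOG_BUCKET))
    s3_client.put_bucket_notification_configuration(
        Bucket=DATA_BUCKET,
        NotificationConfiguration=delete_notification_configuration(SNS_TOPIC_ARN))


# Audit side: server access log fields are space separated, except for the
# bracketed timestamp and the quoted request URI, referer and user agent.
_TOKEN = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')
# Single deletes and batch (DeleteObjects) deletes log as different operations.
DELETE_OPERATIONS = {"REST.DELETE.OBJECT", "REST.POST.MULTI_OBJECT_DELETE"}


def parse_access_log_line(line: str) -> dict:
    f = _TOKEN.findall(line)
    return {"time": f[2].strip("[]"), "remote_ip": f[3], "requester": f[4],
            "operation": f[6], "key": f[7], "http_status": f[9], "error_code": f[10]}


def find_delete_attempts(lines: Iterable[str]) -> list:
    """Every delete attempt, denied ones included, since attempts must be logged.
    Batch deletes log key '-' and status 200; per-key results are not in the log."""
    hits = []
    for rec in map(parse_access_log_line, lines):
        if rec["operation"] in DELETE_OPERATIONS:
            rec["succeeded"] = rec["http_status"].startswith("2")
            hits.append(rec)
    return hits


OWNER = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"  # constructed
USER = "arn:aws:iam::111122223333:user/analyst"                              # constructed
SAMPLE_ACCESS_LOG = [  # constructed lines in the server access log layout
    f'{OWNER} {DATA_BUCKET} [14/Mar/2024:10:15:01 +0000] 198.51.100.7 {USER} 7A1B2C3D4E5F6789 '
    f'REST.GET.OBJECT reports/q1.csv "GET /reports/q1.csv HTTP/1.1" 200 - 2048 2048 12 9 "-" "aws-cli/2.15.0" -',
    f'{OWNER} {DATA_BUCKET} [14/Mar/2024:10:16:44 +0000] 198.51.100.7 {USER} 8B2C3D4E5F6A7890 '
    f'REST.DELETE.OBJECT reports/q1.csv "DELETE /reports/q1.csv HTTP/1.1" 204 - - - 8 - "-" "aws-cli/2.15.0" -',
    f'{OWNER} {DATA_BUCKET} [14/Mar/2024:10:17:02 +0000] 203.0.113.9 {USER} 9C3D4E5F6A7B8901 '
    f'REST.DELETE.OBJECT secrets/keys.txt "DELETE /secrets/keys.txt HTTP/1.1" 403 AccessDenied 243 - 4 - "-" "curl/8.4.0" -',
    f'{OWNER} {DATA_BUCKET} [14/Mar/2024:10:18:30 +0000] 198.51.100.7 {USER} 0D4E5F6A7B8C9012 '
    f'REST.POST.MULTI_OBJECT_DELETE - "POST /?delete HTTP/1.1" 200 - 312 - 15 - "-" "aws-sdk-go/1.50" -',
]

if __name__ == "__main__":
    print(json.dumps(delete_notification_configuration(SNS_TOPIC_ARN), indent=2))
    for hit in find_delete_attempts(SAMPLE_ACCESS_LOG):
        print(hit["time"], hit["remote_ip"], hit["operation"], hit["key"], "ok" if hit["succeeded"] else hit["error_code"])
```

The log scan is what option B would automate, and running it shows why that path cannot satisfy the alerting requirement: the lines only arrive after S3 delivers them, and a batch delete tells you that a DeleteObjects call succeeded but not which keys were removed. The event notification, by contrast, carries the key for every removed object at the time of the delete.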