AWS Certified SysOps Administrator – Associate — Question 30
A company runs an application that hosts critical data for several clients. The company uses AWS CloudTrail to track user activities on various AWS resources. To meet new security requirements, the company needs to protect the CloudTrail log files from being modified, deleted, or forged.
Which solution will meet these requirements?
Answer options
- A. Enable CloudTrail log file integrity validation.
- B. Use Amazon S3 MFA Delete on the S3 bucket where the CloudTrail log files are stored.
- C. Use Amazon S3 Versioning to keep all versions of the CloudTrail log files.
- D. Use AWS Key Management Service (AWS KMS) security keys to secure the CloudTrail log files.
Correct answer: A
Explanation
Enabling CloudTrail log file integrity validation lets you determine whether the log files have been modified, deleted, or forged after CloudTrail delivered them, which meets the stated requirement. S3 MFA Delete adds a safeguard against deletion but does not prevent modification. S3 Versioning retains previous versions of the files but does not by itself protect against unauthorized changes or deletions. AWS KMS keys provide encryption of the log files but do not detect or prevent tampering with them.