AWS Certified SysOps Administrator – Associate — Question 399
A company requires that all activity in its AWS account be logged using AWS CloudTrail. Additionally, a SysOps administrator must know when CloudTrail log files are modified or deleted.
How should the SysOps administrator meet these requirements?
Answer options
- A. Enable log file integrity validation. Use the AWS CLI to validate the log files.
- B. Enable log file integrity validation. Use the AWS CloudTrail Processing Library to validate the log files.
- C. Use CloudTrail Insights to monitor the log files for modifications.
- D. Use Amazon CloudWatch Logs to monitor the log files for modifications.
Correct answer: A
Explanation
Enabling log file integrity validation causes AWS CloudTrail to deliver digest files that you can use to determine whether a log file was modified or deleted after delivery. The AWS CLI can then validate the integrity of the log files with the 'aws cloudtrail validate-logs' command. CloudTrail Insights and CloudWatch Logs do not provide the cryptographic validation mechanism required for detecting file tampering, and the CloudTrail Processing Library is not the standard tool for CLI-based validation.