AWS Certified SysOps Administrator – Associate — Question 63

A company monitors its account activity using AWS CloudTrail, and is concerned that some log files are being tampered with after the logs have been delivered to the account’s Amazon S3 bucket.

Moving forward, how can the SysOps administrator confirm that the log files have not been modified after being delivered to the S3 bucket?

Answer options

• A. Stream the CloudTrail logs to Amazon CloudWatch Logs to store logs at a secondary location.
• B. Enable log file integrity validation and use digest files to verify the hash value of the log file.
• C. Replicate the S3 log bucket across regions, and encrypt log files with S3 managed keys.
• D. Enable S3 server access logging to track requests made to the log bucket for security audits.

Correct answer: B

Explanation

The correct answer is B, as enabling log file integrity validation allows the administrator to use digest files to verify that the log files have not been tampered with after delivery. Option A does not provide a method for verifying integrity, C focuses on replication and encryption without addressing tampering, and D is about tracking access rather than confirming log integrity.