ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty All Questions

View all questions & answers for the AWS Certified Security - Specialty exam
Go to Exam

Exam AWS Certified Security - Specialty topic 1 question 120 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 120
Topic #: 1
[All AWS Certified Security - Specialty Questions]

A Security Engineer is defining the logging solution for a newly developed product. Systems Administrators and Developers need to have appropriate access to event log files in AWS CloudTrail to support and troubleshoot the product.
Which combination of controls should be used to protect against tampering with and unauthorized access to log files? (Choose two.)

  • A. Ensure that the log file integrity validation mechanism is enabled.
  • B. Ensure that all log files are written to at least two separate Amazon S3 buckets in the same account.
  • C. Ensure that Systems Administrators and Developers can edit log files, but prevent any other access.
  • D. Ensure that Systems Administrators and Developers with job-related need-to-know requirements only are capable of viewing ג€" but not modifying ג€" the log files.
  • E. Ensure that all log files are stored on Amazon EC2 instances that allow SSH access from the internal corporate network only.
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
by awssecuritynewbie at March 18, 2020, 9:39 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
DanMuniz
Highly Voted 3 years, 6 months ago
A and D for me as well!
upvoted 20 times
...
ITGURU51
Most Recent 1 year, 11 months ago
The AWS best practice is to maintain log file integrity therefore the answer is AD.
upvoted 1 times
...
ITGURU51
2 years ago
Simple, answer A provides log file integrity. Answer D provides the least amount of access to the log files.
upvoted 1 times
...
dcasabona
2 years, 9 months ago
Selected Answer: AD
Option A and D.
upvoted 3 times
...
RaySmith
3 years, 2 months ago
A and D is correct
upvoted 2 times
...
Radhaghosh
3 years, 3 months ago
Selected Answer: AD
Agreed Answer A&D
upvoted 2 times
...
kiev
3 years, 6 months ago
AD for me as well and that makes it full house
upvoted 3 times
...
erezhazan1
3 years, 6 months ago
I think this is also a dup
upvoted 2 times
...
kj07
3 years, 6 months ago
AD Duplicated question
upvoted 2 times
deegadaze1
3 years, 6 months ago
correct!
upvoted 1 times
...
...
lunamycat
3 years, 7 months ago
A & D is correct
upvoted 2 times
...
gfhbox0083
3 years, 7 months ago
A, D, for sure
upvoted 1 times
...
RaySmith
3 years, 7 months ago
AD for me
upvoted 4 times
...
awssecuritynewbie
3 years, 7 months ago
A & D is correct
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago