Exam AWS Certified Security - Specialty topic 1 question 56 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 56
Topic #: 1

A company has multiple production AWS accounts. Each account has AWS CloudTrail configured to log to a single Amazon S3 bucket in a central account. Two of the production accounts have trails that are not logging anything to the S3 bucket.
Which steps should be taken to troubleshoot the issue? (Choose three.)

  • A. Verify that the log file prefix is set to the name of the S3 bucket where the logs should go.
  • B. Verify that the S3 bucket policy allows access for CloudTrail from the production AWS account IDs.
  • C. Create a new CloudTrail configuration in the account, and configure it to log to the account's S3 bucket.
  • D. Confirm in the CloudTrail Console that each trail is active and healthy.
  • E. Open the global CloudTrail configuration in the master account, and verify that the storage location is set to the correct S3 bucket.
  • F. Confirm in the CloudTrail Console that the S3 bucket name is set correctly.
Suggested Answer: BDF
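The check behind option B can be expressed in code. The block below is an added example, not part of the exam question and not an AWS tool: it evaluates a central-bucket policy offline and reports which production account IDs lack an `s3:PutObject` grant for `cloudtrail.amazonaws.com` on the path CloudTrail actually writes to (`<bucket>/<optional prefix>/AWSLogs/<account-id>/...`), then returns a corrected policy. The bucket name, account IDs and sample policy are constructed placeholders; the code only inspects `Effect`, `Principal`, `Action` and `Resource` and does not evaluate `Condition` blocks such as `aws:SourceArn`, so a policy that passes here can still be rejected by a condition that is too narrow.

```python
import copy
import fnmatch

# Constructed sample: a central-bucket policy that grants CloudTrail write
# access for ONE production account only. Bucket name and account IDs are
# made-up placeholders, not values from any real environment.
BUCKET = "central-cloudtrail-logs"
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AWSCloudTrailAclCheck",
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": "s3:GetBucketAcl",
            "Resource": f"arn:aws:s3:::{BUCKET}",
        },
        {
            "Sid": "AWSCloudTrailWrite",
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": "s3:PutObject",
            "Resource": [f"arn:aws:s3:::{BUCKET}/AWSLogs/111111111111/*"],
            "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
        },
    ],
}


def _as_list(value):
    """IAM policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _allows_cloudtrail(statement, action):
    """True if the statement is an Allow for the CloudTrail service principal
    whose Action (IAM wildcards allowed) covers the given action."""
    if statement.get("Effect") != "Allow":
        return False
    principal = statement.get("Principal", {})
    services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
    if "cloudtrail.amazonaws.com" not in services and principal != "*":
        return False
    return any(fnmatch.fnmatchcase(action, a) for a in _as_list(statement.get("Action")))


def _resource_covers(resource_patterns, target):
    """IAM Resource entries use * and ? wildcards; fnmatch handles both."""
    return any(fnmatch.fnmatchcase(target, p) for p in resource_patterns)


def _log_prefix(prefix):
    return f"{prefix.strip('/')}/" if prefix else ""


def accounts_missing_write(policy, bucket, account_ids, prefix=""):
    """Return the account IDs whose CloudTrail delivery path is not covered by
    any s3:PutObject Allow for cloudtrail.amazonaws.com (the check in option B)."""
    missing = []
    for account in account_ids:
        # CloudTrail writes objects under <prefix>/AWSLogs/<account-id>/...;
        # the object key tail here is a made-up example key.
        target = f"arn:aws:s3:::{bucket}/{_log_prefix(prefix)}AWSLogs/{account}/2024/01/01/x.json.gz"
        covered = any(
            _allows_cloudtrail(s, "s3:PutObject")
            and _resource_covers(_as_list(s.get("Resource")), target)
            for s in policy.get("Statement", [])
        )
        if not covered:
            missing.append(account)
    return missing


def has_acl_check(policy, bucket):
    """CloudTrail also needs s3:GetBucketAcl on the bucket itself."""
    return any(
        _allows_cloudtrail(s, "s3:GetBucketAcl")
        and _resource_covers(_as_list(s.get("Resource")), f"arn:aws:s3:::{bucket}")
        for s in policy.get("Statement", [])
    )


def add_write_grants(policy, bucket, account_ids, prefix=""):
    """Return a copy of the policy with a PutObject grant appended for every
    account that is currently missing one; the input policy is not mutated."""
    fixed = copy.deepcopy(policy)
    missing = accounts_missing_write(fixed, bucket, account_ids, prefix)
    if missing:
        fixed["Statement"].append({
            "Sid": "AWSCloudTrailWriteAdditionalAccounts",
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": "s3:PutObject",
            "Resource": [f"arn:aws:s3:::{bucket}/{_log_prefix(prefix)}AWSLogs/{a}/*" for a in missing],
            "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
        })
    return fixed


if __name__ == "__main__":
    production = ["111111111111", "222222222222", "333333333333"]
    print("missing write grant:", accounts_missing_write(SAMPLE_POLICY, BUCKET, production))
    print("ACL check present:", has_acl_check(SAMPLE_POLICY, BUCKET))
    print("after fix:", accounts_missing_write(add_write_grants(SAMPLE_POLICY, BUCKET, production), BUCKET, production))
```

Run against the sample, the checker names the two accounts that were never granted a path under `AWSLogs/`, which is exactly the symptom in the question (two accounts deliver nothing while the rest work). Passing a `prefix` shows why a prefix mismatch between the trail and the bucket policy also breaks delivery: the grant for `AWSLogs/<id>/*` does not cover `prod/AWSLogs/<id>/*`.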

Comments

Osemk
Highly Voted 3 years, 9 months ago
BDF is the answer. This is because the global organization CloudTrail is not set up yet. As a result, E is not appropriate. If the organization is set up properly, the logging from each production account will be automatic.
upvoted 42 times
INASR
Highly Voted 3 years, 9 months ago
B, D, F are correct.
upvoted 19 times
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: BDF
Correct answers: BDF. 1. The S3 bucket should allow the accounts to put events into it. 2. The S3 bucket should be set correctly. 3. Trails in each account should be active (a trail with the name that you give it is created in every AWS account that belongs to your organization). https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html
upvoted 1 times
yd_h
2 years, 3 months ago
A, B, D, and F could be the answers. I am having some doubts about B though, because of the way you allow cross-account access to S3 by configuring the source CloudTrail ARN (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-set-bucket-policy-for-multiple-accounts.html).
upvoted 1 times
yd_h
2 years, 3 months ago
But in A, setting the log file prefix to the bucket name is kinda weird. So I would omit A.
upvoted 1 times
a2cool
2 years, 5 months ago
Selected Answer: ABD
Option A - because the log file prefix is critical in directing the logs to the correct S3 bucket. If the prefix is incorrect, the logs will be stored in a different S3 bucket, causing the logs to be unavailable for analysis. Verifying that the correct prefix is set ensures that the logs are stored in the intended S3 bucket, making them available for analysis. Option D - because if the trails are not active, they will not be logging any events to the S3 bucket, and this could be the root cause of the issue. Option B - because if the policy does not grant access, the logs will not be delivered to the bucket, even if other configurations are correct.
upvoted 2 times
sky_top_onestart
2 years, 7 months ago
Selected Answer: BDF
A is incorrect. CloudTrail's 'Log file prefix' is blank in my account.
upvoted 2 times
dcasabona
2 years, 11 months ago
Selected Answer: BDF
I agree with Osemk's explanation.
upvoted 1 times
Jonfernz
3 years, 2 months ago
Selected Answer: BDF
The first thing I would do is check that things are configured correctly on each side. The S3 bucket policy has to allow access for CloudTrail in the production account. And check the CloudTrail console to see if the bucket name is correct. While you're there, check that each trail is active/healthy.
upvoted 3 times
NANDY666
3 years, 8 months ago
BDF is correct.
upvoted 3 times
EA_Practice
3 years, 8 months ago
Wonder what makes F correct: if the bucket name is incorrect, then NONE of the trails would be delivered?
upvoted 3 times
refuz
3 years, 8 months ago
Because the trails are in different accounts.
upvoted 4 times
stt
3 years, 8 months ago
A, B & F; cannot be D. Only 2 are not working. You don't have to confirm that each trail is healthy.
upvoted 2 times
touryard
3 years, 8 months ago
They mean each of the 2. D is correct!
upvoted 2 times
devjava
3 years, 8 months ago
Ans > B, D, F
upvoted 1 times
AfricanCloudGuru
3 years, 8 months ago
Ans (B, D, E): https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html
upvoted 1 times
acloudguru
3 years, 8 months ago
E: there is no global CloudTrail.
upvoted 1 times
deegadaze1
3 years, 8 months ago
ADF --> In the Log file prefix field, enter the same prefix you entered for storing log files when you turned on CloudTrail using account 111111111111 credentials. If you choose to use a prefix that is different from the one you entered when you turned on CloudTrail in the first account, you must edit the bucket policy on your destination bucket to allow CloudTrail to write log files to your bucket using this new prefix.
upvoted 1 times
vnsuk
3 years, 8 months ago
Log file prefix is optional. Please do some labs :)
upvoted 2 times
Snownoodles
3 years, 8 months ago
B D F. A should also be correct according to https://docs.aws.amazon.com/awscloudtrail/latest/userguide/turn-on-cloudtrail-in-additional-accounts.html, but it could be part of B.
upvoted 1 times
Jack_London
3 years, 8 months ago
Why not A? D - where is it documented that trails need to be active or healthy? I think ABF...
upvoted 1 times
PeppaPig
3 years, 8 months ago
BDF. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html
upvoted 2 times
hozefa
3 years, 9 months ago
I had this question on my exam today. Correct answer is B, C, F.
upvoted 3 times
SHoKMaSTeR
3 years, 9 months ago
When you do an exam you don't have a list of right/wrong answers, you only know if it is PASS/NOT PASS and your points.
upvoted 6 times
rip72
3 years, 8 months ago
Unless of course the score is 100%, which I imagine is unusual.
upvoted 2 times
Mimikabs
2 years, 7 months ago
He could even have 100% and still not get everything correct. Remember there are unscored questions and we don't know which.
upvoted 1 times
Stpn2me
3 years, 8 months ago
I'm actually starting to wonder if this guy is a troll.
upvoted 3 times
[Removed]
3 years, 9 months ago
I don't think C is a proper answer. Read the question: "Each account has AWS CloudTrail configured to log to a single Amazon S3 bucket in a central account." It says the trails are configured. C says: go into the account and configure the trail... this is already done. B + D + F
upvoted 3 times