Which of the following is the most efficient way to automate the encryption of AWS CloudTrail logs using a Customer Master Key (CMK) in AWS KMS?
A.
Use the KMS direct encrypt function on the log data every time a CloudTrail log is generated.
B.
Use the default Amazon S3 server-side encryption with S3-managed keys to encrypt and decrypt the CloudTrail logs.
C.
Configure CloudTrail to use server-side encryption using KMS-managed keys to encrypt and decrypt CloudTrail logs.
D.
Use encrypted API endpoints so that all AWS API calls generate encrypted CloudTrail log entries using the TLS certificate from the encrypted API call.
This is because it provides the following benefits:
It allows you to use your own CMKs to encrypt your CloudTrail logs.
It provides an audit trail of all key usage.
It allows you to control access to your keys.
It provides automatic key rotation. C
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
sanjaym
Highly Voted 3 years, 6 months agoITGURU51
Most Recent 1 year, 11 months agoIsaias
2 years, 5 months agoff12
3 years, 6 months agoLarsson
3 years, 6 months agokalzht00
3 years, 6 months agodevjava
3 years, 6 months agoAfricanCloudGuru
3 years, 6 months agoAfricanCloudGuru
3 years, 6 months agoRoyWeiss
3 years, 6 months agoRaySmith
3 years, 6 months agoCloudyMcClouderson
3 years, 6 months agoourking
3 years, 7 months agoRakeshTaninki
3 years, 7 months agoAnNguyen
3 years, 7 months agoOsemk
3 years, 7 months agoexams
3 years, 7 months ago