Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 274 discussion

C. AWS CloudTrail, configurate read and write data events on the S3 bucket (include API call) Amazon S3 Server Access is wrong. Server access logging provides detailed records for the requests that are made to a bucket. (GET, PUT, DELETE... but not include API call) https://docs.aws.amazon.com/AmazonS3/latest/dev/LogFormat.html

C is the right answer because the question specifically asking logs for following events. Access, modifications and deletions which are all DATA EVENTS. Data Events: The following data types are recorded: - Amazon S3 object-level API activity (for example, GetObject, DeleteObject, and PutObject API operations) - AWS Lambda function execution activity (the Invoke API) https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html In contrast the management events are as follow. Configuring security (for example, IAM AttachRolePolicy API operations) Registering devices (for example, Amazon EC2 CreateDefaultVpc API operations) Configuring rules for routing data (for example, Amazon EC2 CreateSubnet API operations) Setting up logging (for example, AWS CloudTrail CreateTrail API operations)

Answer C. https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-for-s3.html

I think its D, Cloud Trail Management event is for logging management. Log the log change. https://aws.amazon.com/premiumsupport/knowledge-center/cloudtrail-data-management-events/

whats the difference bt C and D?

Thus question was there in my exam date 22 june 2022

Answer is C according to this link: https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-s3-access-logs-to-identify-requests.html "We recommend that you use AWS CloudTrail data events instead of Amazon S3 access logs. CloudTrail data events are easier to set up and contain more information. For more information, see Identifying Amazon S3 requests using CloudTrail."

C S3 Server Access logging doesn't have management or data events it used for logging access to the bucket only plus log file validation is on cloudtrail only

CCCC AWS CloudTrail logs provide a record of actions taken by a user, role, or an AWS service in Amazon S3, while Amazon S3 server access logs provide detailed records for the requests that are made to an S3 bucket. https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-logging.html

https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-s3-access-logs-to-identify-requests.html You can identify Amazon S3 requests using 'Amazon S3 access logs'. NOTE: We recommend that you use AWS CloudTrail data events instead of Amazon S3 access logs. CloudTrail data events are easier to set up and contain more information. ============= The above is different from S3 Server Access Logs: https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html Server access logging provides detailed records for the requests that are made to an Amazon S3 bucket. ================ Cloudtrail https://www.youtube.com/watch?v=qelcK5xRB0Y Management Events - Tracks management operations. T -Turned on by default. -Can't be turned off Data Events. -Tracks Specific operations for specific AWS Services. -Tuned off by default. -The two services that can be tracked are S3 and Lambda.

S3 Server Log does not support log validation

Confused between A and C. The two possible reasons (C) could be an answer is because 1. Server access logs don't record information about wrong-region redirect errors for Regions that launched after March 20, 2019. Wrong-region redirect errors occur when a request for an object or bucket is made outside the Region in which the bucket exists. URL:- https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html 2. We recommend that you use AWS CloudTrail for logging bucket and object-level actions for your Amazon S3 resources. URL :- https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html

This is C 100%

NEW QUESTION A company is deploying an application that processes large quantities of data in batches as needed. The company plans to use Amazon EC2 instances for the workload. The network architecture must support a highly scalable solution and prevent groups of nodes from sharing the same underlying hardware. Which combination of network solutions will meet these requirements? (Select TWO.) A. Create Capacity Reservations for the EC2 instances to run in a placement group. B. Run the EC2 instances in a spread placement group. C. Run the EC2 instances in a cluster placement group. D. Place the EC2 instances in an EC2 Auto Scaling group. E. Run the EC2 instances in a partition placement group. I have got this Question.....Can anyone tell the answer? Spread or Partition?

C data events are not enabled by default.

Ans=C. ....CT.....data events... .

Management Events - Tracks management operations. Turned on by default. Can't be turned off Data Events. Tracks Specific operations for specific AWS Services. Tuned off by default. The two services that can be tracked in S3 and Lambda. Due to Tracking Specific Services (S3) I would go C