
Exam AWS Certified Security - Specialty topic 1 question 80 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 80
Topic #: 1

AWS CloudTrail is being used to monitor API calls in an organization. An audit revealed that CloudTrail is failing to deliver events to Amazon S3 as expected.
What initial actions should be taken to allow delivery of CloudTrail events to S3? (Choose two.)

  • A. Verify that the S3 bucket policy allows CloudTrail to write objects.
  • B. Verify that the IAM role used by CloudTrail has access to write to Amazon CloudWatch Logs.
  • C. Remove any lifecycle policies on the S3 bucket that are archiving objects to Amazon Glacier.
  • D. Verify that the S3 bucket defined in CloudTrail exists.
  • E. Verify that the log file prefix defined in CloudTrail exists in the S3 bucket.
Suggested Answer: AD 🗳️

Comments

Daniel76
Highly Voted 3 years, 9 months ago
A - bucket policy must allow. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create-s3-bucket-policy-for-cloudtrail.html D - Either create a new bucket or select an existing bucket for cloudtrail logs. If the bucket was deleted, then the cloudtrail log will not deliver successfully. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-a-trail-using-the-console-first-time.html
upvoted 29 times
AWS_Dude
Highly Voted 3 years, 5 months ago
Answer: AD or AE. Both are correct; however, I would say AD is the MOST correct since prefixes are optional. A - S3 bucket policy must have an allow for CloudTrail to write events to it. B - Incorrect since the question doesn't have to do with CloudWatch Logs. C - Incorrect because this does not affect CloudTrail not writing events to S3. D - Make sure the S3 bucket still exists, as it could have been deleted and this is why events are not being delivered. E - Technically the log file prefix is optional! However, if an existing bucket already has a prefix defined, changing this prefix will cause delivery of events to fail, since the bucket policy is using the old prefix. If you are adding, modifying, or removing the prefix on the bucket, you have to update the bucket policy as well. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create-s3-bucket-policy-for-cloudtrail.html#cloudtrail-add-change-or-remove-a-bucket-prefix
upvoted 9 times
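As an added illustration (not part of the thread above), here is an offline check of the two grants a CloudTrail bucket policy must carry, the `s3:GetBucketAcl` ACL check on the bucket and `s3:PutObject` on the `AWSLogs/<account>/` key path under the configured prefix. The bucket name, account ID and the sample policy are constructed; the check also shows the prefix mismatch AWS_Dude describes, where a policy written for an old prefix no longer covers the trail's new key path.

```python
import json

CLOUDTRAIL_PRINCIPAL = "cloudtrail.amazonaws.com"


def _as_list(value):
    # IAM policy fields may be a single string or a list; normalise to a list.
    return value if isinstance(value, list) else [value]


def _statement_grants(stmt, action, resource):
    """True if this Allow statement grants `action` on exactly `resource` to CloudTrail.
    Simplification: wildcard resources are not expanded, only exact matches count."""
    if stmt.get("Effect") != "Allow":
        return False
    principal = stmt.get("Principal", {})
    services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
    if CLOUDTRAIL_PRINCIPAL not in services:
        return False
    if action not in _as_list(stmt.get("Action", [])):
        return False
    return resource in _as_list(stmt.get("Resource", []))


def cloudtrail_policy_gaps(policy_json, bucket, account_id, prefix=""):
    """Return the grants CloudTrail needs but the policy lacks (empty list means delivery can succeed)."""
    statements = json.loads(policy_json).get("Statement", [])
    key_prefix = f"{prefix.strip('/')}/" if prefix else ""
    required = [
        ("s3:GetBucketAcl", f"arn:aws:s3:::{bucket}"),
        ("s3:PutObject", f"arn:aws:s3:::{bucket}/{key_prefix}AWSLogs/{account_id}/*"),
    ]
    return [f"{action} on {resource}" for action, resource in required
            if not any(_statement_grants(s, action, resource) for s in statements)]


# Constructed sample: a policy written when the trail used the prefix "old-prefix".
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:GetBucketAcl", "Resource": "arn:aws:s3:::example-trail-bucket"},
        {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-trail-bucket/old-prefix/AWSLogs/111122223333/*",
         "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
    ],
})

if __name__ == "__main__":
    # Trail still on the old prefix: no gaps. Trail moved to no prefix: PutObject grant is missing.
    print(cloudtrail_policy_gaps(SAMPLE_POLICY, "example-trail-bucket", "111122223333", "old-prefix"))
    print(cloudtrail_policy_gaps(SAMPLE_POLICY, "example-trail-bucket", "111122223333"))
```

In a live account the same function can be fed the output of `aws s3api get-bucket-policy`, and a `NoSuchBucket` error from that call is the option D failure.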
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: AD
AD are the correct answers. 1. CloudTrail is configured with an S3 bucket that actually exists. 2. S3 (bucket policy) allows CloudTrail to put objects into it.
upvoted 1 times
ITGURU51
2 years, 1 month ago
To enable CloudTrail data events logging for objects in an S3 bucket: Sign in to the Amazon Web Services Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/. In the Buckets list, choose the name of the bucket. Choose Properties. Under Amazon CloudTrail data events, choose Configure in CloudTrail. AD
upvoted 1 times
[Removed]
2 years, 8 months ago
Selected Answer: AD
A&D........
upvoted 2 times
DWsk
2 years, 8 months ago
Selected Answer: AD
Answer is AD
upvoted 2 times
dcasabona
2 years, 11 months ago
Selected Answer: AD
option A and D
upvoted 1 times
TigerInTheCloud
3 years, 2 months ago
Selected Answer: AD
The answer should be A, D, and E. When only two can be chosen, D is preferred over E.
upvoted 1 times
ceros399
3 years, 3 months ago
Selected Answer: AD
Ans= AD
upvoted 3 times
FreshNess
3 years, 3 months ago
Selected Answer: AD
AD!!!!!!!!!!!!!!!!!!
upvoted 2 times
DingjieDanielYang
3 years, 4 months ago
Answer D&E. A indicates write permission, whereas it should check whether it has put action permission rather than write.
upvoted 1 times
NSF2
3 years, 5 months ago
When you are creating a new trail, if the "use existing S3 bucket" option was selected, you would have to browse or specify the bucket name. Prefix, however, is optional. What that means is that the correct bucket name is mandatory. Therefore, between answers D and E, D is the best answer. So I am going with AD.
upvoted 1 times
munish3420
3 years, 7 months ago
Ans is A and E. First of all, how were they able to identify that logs are not getting delivered to the S3 bucket? So, it's the prefix which needs to be checked, and it's the prefix which gets added to the bucket policy when you create it.
upvoted 2 times
Kdosec
3 years, 8 months ago
A & D are correct.
upvoted 2 times
rhinozD
3 years, 8 months ago
A, D should be the answers. This question talks about initial action and this mentions the organization.
upvoted 1 times
sashsz
3 years, 8 months ago
If you chose Use existing S3 bucket, specify a bucket in Trail log bucket name -> Not sure why you would verify that the bucket exists, as you are choosing an existing bucket or creating a new one?
upvoted 3 times
sanjaym
3 years, 8 months ago
Ans: AD 100%
upvoted 1 times
...