Exam AWS Certified Solutions Architect - Professional topic 1 question 40 discussion

You currently operate a web application in the AWS US-East region. The application runs on an auto-scaled layer of EC2 instances and an RDS Multi-AZ database. Your IT security compliance officer has tasked you to develop a reliable and durable logging solution to track changes made to your EC2, IAM and RDS resources. The solution must ensure the integrity and confidentiality of your log data.
Which of these solutions would you recommend?

  • A. Create a new CloudTrail trail with one new S3 bucket to store the logs and with the global services option selected. Use IAM roles, S3 bucket policies and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
  • B. Create a new CloudTrail with one new S3 bucket to store the logs. Configure SNS to send log file delivery notifications to your management system. Use IAM roles and S3 bucket policies on the S3 bucket that stores your logs.
  • C. Create a new CloudTrail trail with an existing S3 bucket to store the logs and with the global services option selected. Use S3 ACLs and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
  • D. Create three new CloudTrail trails with three new S3 buckets to store the logs, one for the AWS Management console, one for AWS SDKs and one for command line tools. Use IAM roles and S3 bucket policies on the S3 buckets that store your logs.
Suggested Answer: A

Comments

cldy
Highly Voted 3 years, 6 months ago
A. 1 a new CT trail + 1 new S3 bucket + global services option selected + IAM roles + bucket policies + MFA Delete.
upvoted 9 times
...
amministrazione
Most Recent 8 months, 3 weeks ago
A. Create a new CloudTrail trail with one new S3 bucket to store the logs and with the global services option selected. Use IAM roles S3 bucket policies and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
upvoted 1 times
...
SkyZeroZx
1 year, 10 months ago
Selected Answer: A
A. 1 a new CT trail + 1 new S3 bucket + global services option selected + IAM roles + bucket policies + MFA Delete.
upvoted 1 times
...
jj22222
3 years, 1 month ago
Selected Answer: A
A. Create a new CloudTrail trail with one new S3 bucket to store the logs and with the global services option selected. Use IAM roles S3 bucket policies and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
upvoted 1 times
...
Akhil254
3 years, 6 months ago
A Correct
upvoted 1 times
...
01037
3 years, 6 months ago
A. But why is the global services option needed? There is only one region, isn't there?
upvoted 2 times
blackgamer
3 years, 6 months ago
Yes, A is correct. The global services option does not need to be selected when creating the trail using the AWS console, but you will need to set --is-multi-region-trail true to enable global services if you create it from the AWS CLI.
upvoted 1 times
...
wassb
2 years, 7 months ago
"Durability", I think. In case of using a new region.
upvoted 1 times
...
...
ExtHo
3 years, 6 months ago
A is correct one
upvoted 4 times
...
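
An added example, not part of the question or of any commenter's post: a Python check that audits a trail and its log bucket against the controls named in option A (global service events, MFA Delete, a bucket policy that lets only CloudTrail write). The inputs are constructed samples shaped like the output of `aws cloudtrail describe-trails`, `aws s3api get-bucket-versioning` and `aws s3api get-bucket-policy`; the function name, bucket name and account ID are hypothetical.

```python
import json

CLOUDTRAIL = "cloudtrail.amazonaws.com"
MUTATING = ("s3:*", "s3:put", "s3:delete")  # lower-cased prefixes of actions that alter logs

def _as_list(value):
    return [] if value is None else value if isinstance(value, list) else [value]

def audit_log_trail(trail, versioning, policy_json):
    """Return findings for a trail and its log bucket; an empty list means all checks pass."""
    findings = []
    # IAM is a global service, so its changes are recorded only when this flag is set.
    if not trail.get("IncludeGlobalServiceEvents"):
        findings.append("global service events (IAM) are not logged")
    # MFA Delete depends on versioning; together they keep log objects from being purged.
    if versioning.get("Status") != "Enabled":
        findings.append("bucket versioning is not enabled")
    if versioning.get("MFADelete") != "Enabled":
        findings.append("MFA Delete is not enabled")
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        by_type = principal if isinstance(principal, dict) else {}
        if principal == "*" or "*" in _as_list(by_type.get("AWS")):
            findings.append(f"{sid}: open to any principal")
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        mutating = any(a == "*" or a.startswith(MUTATING) for a in actions)
        if mutating and _as_list(by_type.get("Service")) != [CLOUDTRAIL]:
            findings.append(f"{sid}: a principal other than CloudTrail may modify logs")
    return findings

# Constructed samples; bucket name and account ID are placeholders.
GOOD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AclCheck", "Effect": "Allow", "Principal": {"Service": CLOUDTRAIL},
     "Action": "s3:GetBucketAcl", "Resource": "arn:aws:s3:::example-audit-logs"},
    {"Sid": "Write", "Effect": "Allow", "Principal": {"Service": CLOUDTRAIL},
     "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::example-audit-logs/AWSLogs/111122223333/*"}]})
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Shared", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::example-audit-logs/*"}]})
if __name__ == "__main__":
    ok = {"Status": "Enabled", "MFADelete": "Enabled"}
    print(audit_log_trail({"IncludeGlobalServiceEvents": True}, ok, GOOD_POLICY))
    print(audit_log_trail({"IncludeGlobalServiceEvents": False}, {"Status": "Enabled"}, WEAK_POLICY))
```

The weak sample fails on three fronts at once: IAM events are not captured, deletions need no MFA, and the bucket policy lets any principal read and delete log objects.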