ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 830 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 830
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company has a new security policy. The policy requires the company to log any event that retrieves data from Amazon S3 buckets. The company must save these audit logs in a dedicated S3 bucket.
The company created the audit logs S3 bucket in an AWS account that is designated for centralized logging. The S3 bucket has a bucket policy that allows write- only cross-account access.
A solutions architect must ensure that all S3 object-level access is being logged for current S3 buckets and future S3 buckets.
Which solution will meet these requirements?

  • A. Enable server access logging for all current S3 buckets. Use the audit logs S3 bucket as a destination for audit logs.
  • B. Enable replication between all current S3 buckets and the audit logs S3 bucket. Enable S3 Versioning in the audit logs S3 bucket.
  • C. Configure S3 Event Notifications for all current S3 buckets to invoke an AWS Lambda function every time objects are accessed. Store Lambda logs in the audit logs S3 bucket.
  • D. Enable AWS CloudTrail, and use the audit logs S3 bucket to store logs. Enable data event logging for S3 event sources, current S3 buckets, and future S3 buckets.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Bigbearcn at April 25, 2022, 1:24 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
CAIYasia
10 months ago
AWS CloudTrail provides comprehensive logging of API calls, including S3 data events, which includes object-level operations like GetObject, PutObject, etc. Data event logging for S3 ensures that every read and write operation at the object level is captured, which satisfies the requirement to log any event that retrieves data from S3 buckets. Enabling data event logging for both current and future S3 buckets ensures compliance with the new security policy and makes sure that no events are missed. Using the audit logs S3 bucket to store the logs consolidates all audit logs in a centralized, designated account, enhancing security and manageability. Enabling server access logging (Option A) only provides information about requests to S3 buckets, but does not capture the detailed object-level events required by the security policy. Hence, CloudTrail is the more suitable solution for the specified requirements.
upvoted 1 times
...
evargasbrz
2 years, 4 months ago
Selected Answer: D
I'll go with D
upvoted 1 times
...
janvandermerwer
2 years, 5 months ago
Selected Answer: D
D - Is the standard configuration when we deploy environments. https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-cloudtrail-logging-for-s3.html
upvoted 1 times
...
AwsBRFan
2 years, 6 months ago
Selected Answer: D
Infact , access logs does not support cross accout log delivery: https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html
upvoted 1 times
devilman222
8 months, 3 weeks ago
If you want access logs for cross account delivery, you will need to use something like kinesis firehose , so it can be done, but it's overkill and expensive.
upvoted 1 times
...
...
asfsdfsdf
2 years, 9 months ago
Selected Answer: D
only D will force the policy on for future buckets
upvoted 2 times
...
Bigbearcn
3 years ago
Selected Answer: D
D is correct.
upvoted 3 times
Bigbearcn
3 years ago
s3 access log don't support cross account log delivery
upvoted 2 times
[Removed]
2 years, 7 months ago
Cloudtrail data event for s3 supports cross account log delivery - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events-for-s3-resources-in-other-accounts
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago