A company requires that all activity in its AWS account be logged using AWS CloudTrail. Additionally, a SysOps administrator must know when CloudTrail log files are modified or deleted. How should the SysOps administrator meet these requirements?
A. Enable log file integrity validation. Use the AWS CLI to validate the log files.
B. Enable log file integrity validation. Use the AWS CloudTrail Processing Library to validate the log files.
C. Use CloudTrail Insights to monitor the log files for modifications.
D. Use Amazon CloudWatch Logs to monitor the log files for modifications.
Option B is incorrect because AWS CloudTrail Processing Library helps developers to read, process, and analyze AWS CloudTrail data but doesn't provide the functionality to validate the integrity of CloudTrail log files.
While the other options have their uses, they don't directly meet the requirement as effectively as option D:
A and B (Log File Integrity Validation): Enabling log file integrity validation is important for ensuring that the logs have not been tampered with. However, this feature is more about post-event validation rather than real-time monitoring or alerting. It requires manual initiation (using the AWS CLI or CloudTrail Processing Library) to validate the integrity of log files, which does not provide immediate notifications of modifications or deletions.
C (CloudTrail Insights): CloudTrail Insights is designed to identify unusual operational activity within your AWS account, not specifically to monitor log file integrity or alert on log file modifications or deletions. It is more focused on detecting anomalous API activity rather than changes to the log files themselves.
To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it, you can use CloudTrail log file integrity validation. This feature is built using industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing. This makes it computationally infeasible to modify, delete or forge CloudTrail log files without detection. You can use the AWS CLI to validate the files in the location where CloudTrail delivered them.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-cli.html
To validate logs with the AWS Command Line Interface, use the CloudTrail validate-logs command. The command uses the digest files delivered to your Amazon S3 bucket to perform the validation. For information about digest files, see CloudTrail digest file structure.
The AWS CLI allows you to detect the following types of changes:
Modification or deletion of CloudTrail log files
Modification or deletion of CloudTrail digest files
Modification or deletion of both of the above
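What the validate-logs command does under the hood, shown as an added Go example (not code from the post above, the AWS CLI, or any AWS library): a digest file lists each delivered log object with its SHA-256, and the digest itself is signed with SHA-256/RSA (PKCS#1 v1.5), so an edited log file shows up as a hash mismatch, a removed one as a missing object, and an edited digest as a signature failure. Assumptions: the string that CloudTrail signs is rebuilt from this author's reading of the digest-file documentation (end time, digest path, hex SHA-256 of the digest bytes, previous digest signature, newline-separated); the RSA key is generated locally and merely stands in for the trail's public key (which in practice comes from `aws cloudtrail list-public-keys`); the log objects, account id, bucket and object keys are constructed placeholders; real log and digest objects are gzip-compressed and the hashes cover the bytes as stored in S3.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// LogFileEntry mirrors one record of a digest file's "logFiles" array.
type LogFileEntry struct {
	S3Bucket  string `json:"s3Bucket"`
	S3Object  string `json:"s3Object"`
	HashValue string `json:"hashValue"` // hex SHA-256 of the log object as delivered
}

// Digest holds the digest-file fields that the checks below use.
type Digest struct {
	DigestEndTime           string         `json:"digestEndTime"`
	DigestS3Bucket          string         `json:"digestS3Bucket"`
	DigestS3Object          string         `json:"digestS3Object"`
	PreviousDigestSignature string         `json:"previousDigestSignature"` // chains digests together
	LogFiles                []LogFileEntry `json:"logFiles"`
}

func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// signingString rebuilds the data string CloudTrail signs for a digest as this example reads the
// digest-file docs (assumption): end time, digest path, hex SHA-256 of the digest bytes, previous signature.
func signingString(d Digest, digestBytes []byte) []byte {
	return []byte(d.DigestEndTime + "\n" + d.DigestS3Bucket + "/" + d.DigestS3Object +
		"\n" + sha256Hex(digestBytes) + "\n" + d.PreviousDigestSignature)
}

// VerifyDigestSignature checks the SHA256withRSA (PKCS#1 v1.5) signature that CloudTrail
// stores hex-encoded in the digest object's S3 metadata, using the trail's public key.
func VerifyDigestSignature(pub *rsa.PublicKey, d Digest, digestBytes []byte, sigHex string) bool {
	sig, err := hex.DecodeString(sigHex)
	if err != nil {
		return false
	}
	hashed := sha256.Sum256(signingString(d, digestBytes))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, hashed[:], sig) == nil
}

// CheckLogFiles compares every log file the digest lists with the objects actually present
// (a map keyed by S3 object key stands in for the bucket): "ok", "modified" or "deleted".
func CheckLogFiles(d Digest, objects map[string][]byte) map[string]string {
	out := make(map[string]string, len(d.LogFiles))
	for _, lf := range d.LogFiles {
		body, present := objects[lf.S3Object]
		switch {
		case !present:
			out[lf.S3Object] = "deleted"
		case sha256Hex(body) != lf.HashValue:
			out[lf.S3Object] = "modified"
		default:
			out[lf.S3Object] = "ok"
		}
	}
	return out
}

// SampleObjects are constructed fake log objects (not real CloudTrail output), keyed by S3 object key.
var SampleObjects = map[string][]byte{
	"AWSLogs/111122223333/CloudTrail/us-east-1/2024/01/01/log-a.json.gz": []byte(`{"Records":[{"eventName":"StartLogging"}]}`),
	"AWSLogs/111122223333/CloudTrail/us-east-1/2024/01/01/log-b.json.gz": []byte(`{"Records":[{"eventName":"StopLogging"}]}`),
}

// SignDigest builds and signs a digest over objects the way CloudTrail does, so the verifier
// side above can be exercised offline. Account id, bucket and keys are placeholders.
func SignDigest(priv *rsa.PrivateKey, objects map[string][]byte) (Digest, []byte, string, error) {
	d := Digest{DigestEndTime: "2024-01-01T01:00:00Z", DigestS3Bucket: "example-trail-bucket",
		DigestS3Object: "AWSLogs/111122223333/CloudTrail-Digest/us-east-1/2024/01/01/digest.json.gz"}
	for key, body := range objects {
		d.LogFiles = append(d.LogFiles, LogFileEntry{S3Bucket: d.DigestS3Bucket, S3Object: key, HashValue: sha256Hex(body)})
	}
	digestBytes, err := json.Marshal(d)
	if err != nil {
		return d, nil, "", err
	}
	hashed := sha256.Sum256(signingString(d, digestBytes))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, hashed[:])
	return d, digestBytes, hex.EncodeToString(sig), err
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // local demo key standing in for CloudTrail's key pair
	d, digestBytes, sigHex, _ := SignDigest(priv, SampleObjects)
	fmt.Println("digest signature valid:", VerifyDigestSignature(&priv.PublicKey, d, digestBytes, sigHex))
	tampered := map[string][]byte{d.LogFiles[0].S3Object: []byte(`{"Records":[]}`)} // one rewritten, one missing
	fmt.Println(CheckLogFiles(d, tampered)) // one "modified", one "deleted"
}
```

Against a real trail you would not reimplement this: `aws cloudtrail validate-logs --trail-arn <trail-arn> --start-time <time>` walks the digest chain in the bucket and performs the same three checks (per-file hash, digest signature, chain to the previous digest). The point the example makes is the one behind answer A: the digest only tells you about tampering when something runs the validation, so it is an after-the-fact integrity check, not an alert.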
AAAA is the correct answer.
To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it, you can use CloudTrail log file integrity validation. This feature is built using industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing. This makes it computationally infeasible to modify, delete or forge CloudTrail log files without detection. You can use the AWS CLI to validate the files in the location where CloudTrail delivered them.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
B
Option A is incorrect because it does not specify how to validate the log files. Option C is incorrect because CloudTrail Insights is a feature that allows you to analyze CloudTrail log data, but it does not provide a way to validate log file integrity. Option D is incorrect because Amazon CloudWatch Logs is a service that allows you to monitor, store, and access your log data, but it does not provide a way to validate log file integrity.
Another wrong ChatGPT answer... "To validate the integrity of CloudTrail log files, you can use the AWS CLI or create your own solution" (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html)
The answer is A!
The CloudTrail Processing Library is a Java library that provides an easy way to process AWS CloudTrail logs. You provide configuration details about your CloudTrail SQS queue and write code to process events. The CloudTrail Processing Library does the rest. It polls your Amazon SQS queue, reads and parses queue messages, downloads CloudTrail log files, parses events in the log files, and passes the events to your code as Java objects.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/use-the-cloudtrail-processing-library.html