ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 943 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 943
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company is planning a migration from an on-premises data center to the AWS Cloud. The company plans to use multiple AWS accounts that are managed in an organization in AWS Organizations. The company will create a small number of accounts initially and will add accounts as needed. A solutions architect must design a solution that turns on AWS CloudTrail in all AWS accounts.
What is the MOST operationally efficient solution that meets these requirements?

  • A. Create an AWS Lambda function that creates a new CloudTrail trail in all AWS accounts in the organization. Invoke the Lambda function daily by using a scheduled action in Amazon EventBridge (Amazon CloudWatch Events).
  • B. Create a new CloudTrail trail in the organization's management account. Configure the trail to log all events for all AWS accounts in the organization.
  • C. Create a new CloudTrail trail in all AWS accounts in the organization. Create new trails whenever a new account is created. Define an SCP that prevents deletion or modification of trails. Apply the SCP to the root OU.
  • D. Create an AWS Systems Manager Automation runbook that creates a CloudTrail trail in all AWS accounts in the organization. Invoke the automation by using Systems Manager State Manager.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by cale at Sept. 8, 2022, 12:56 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
pixepe
Highly Voted 2 years, 9 months ago
Answer is B Per AWS documentation at https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html: "If you have created an organization in AWS Organizations, you can create a trail that logs all events for all AWS accounts in that organization. This is sometimes called an organization trail. You can also choose to edit an existing trail in the management account and apply it to an organization, making it an organization trail."
upvoted 11 times
...
cale
Highly Voted 2 years, 9 months ago
Selected Answer: B
B seems right.
upvoted 5 times
...
janvandermerwer
Most Recent 2 years, 7 months ago
Selected Answer: B
B = MOST operationally efficient solution Tested today - If you provision another account, this automatically adds the configuration in. SCP can then be used to prevent deletion of trails - Typically you'd forward trails to an "audit" account or similar.
upvoted 2 times
...
skywalker
2 years, 8 months ago
Selected Answer: B
B looks right.
upvoted 2 times
...
JayF88
2 years, 8 months ago
Selected Answer: B
B is the right answer
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel