Exam 350-701 topic 1 question 512 discussion

Advantages and Disadvantages to Configuring a Cisco-Managed Bucket: Some SIEM integration types (such as QRadar) may require advanced privileges for the user accessing the S3 bucket (beyond the basic Read permissions) and as such, may not work with this feature. https://docs.umbrella.com/deployment-umbrella/docs/log-management#advantages For example, Splunk can have S3 full access if a self-managed S3 bucket is used: https://support.umbrella.com/hc/en-us/articles/230650987-Configuring-Splunk-with-a-Self-managed-S3-Bucket

The answer is A. It can grant third-party SIEM integrations write access to the S3 bucket.

This is why - the benefit - we ship the logs to the S3 bucket - to let a third-party application, SIEM, in this scenario - can read it. Other applications' access can be managed by the IAM and assigned roles to them.

Configuring cloud logging using a company-managed Amazon S3 bucket for Cisco Umbrella logs provides the benefit of granting third-party SIEM integrations write access to the S3 bucket. This means that other applications or services, such as a Security Information and Event Management (SIEM) system, can access and use the log data stored in the S3 bucket for analysis and correlation with other security events. This integration can help organizations to identify and respond to security threats more effectively.

The question says "a company-managed Amazon S3 bucket". Therefore this link applies https://docs.umbrella.com/deployment-umbrella/docs/setting-up-an-amazon-s3-bucket C is wrong. A sounds correct.

seems C is the correct answer https://docs.umbrella.com/deployment-umbrella/docs/cisco-managed-s3-bucket The Cisco IAM user is able to write files to the S3 bucket, and the customer IAM user is able to read from the bucket. Customers are able to rotate their keys at any time.