A company has several accounts between different teams and wants to increase its auditing and compliance capabilities. The accounts are managed through AWS Organizations. Management wants to provide the security team with secure access to the account logs while also restricting the possibility for the logs to be modified. How can a SysOps administrator achieve this with the LEAST amount of operational overhead?
A) Store AWS CloudTrail logs in Amazon S3 in each account. Create a new account to store compliance data and replicate the objects into the newly created account.
B) Store AWS CloudTrail logs in Amazon S3 in each account. Create an IAM user with read-only access to the CloudTrail logs.
C) From the master account, create an organization trail using AWS CloudTrail and apply it to all Regions. Use IAM roles to restrict access.
D) Use an AWS CloudFormation stack set to create an AWS CloudTrail trail in every account and restrict permissions to modify the logs.
Correct Answer:
Verified