Member, October 18, 2020 at 10:00 pm
In the Review Mode Set 1 – Design for Organizational Complexity, regarding the following question:
You are working as an IT Consultant for one of the Big 4 accounting firms with multiple VPCs in various regions. As part of their security compliance, you need to set up a logging solution to track all of the changes made to their AWS resources in all regions, which host their enterprise accounting system such as EC2, S3, CloudFront and IAM. The logging solution must ensure the security, integrity, and durability of your log data in order to pass the compliance requirements. In addition, it should provide an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and API calls.
In this scenario, which of the following options is the best solution to use?
The correct answer is: Create a new AWS CloudTrail trail in a new S3 bucket using the AWS CLI and also pass both the --is-multi-region-trail and --include-global-service-events parameters, then encrypt log files using KMS encryption. Enable Multi-Factor Authentication (MFA) Delete on the S3 bucket and ensure that only authorized users can access the logs by configuring the bucket policies.
however in the explanation, you mention:
CloudWatch can be used for this case with multi-region trail enabled. However, CloudWatch will only cover the activities of the regional services (EC2, S3, RDS etc.) and not for global services such as IAM, CloudFront, AWS WAF, and Route 53.
Shouldn’t it be CloudTrail instead of CloudWatch?
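As an added example (not part of the original post or of Tutorials Dojo's material), the script below checks trail definitions against the requirements in the correct answer: multi-region, global service events included (the point of the regional-versus-global distinction raised above), and KMS encryption of the log files. It also checks CloudTrail log file validation, which is the trail-level control for the "integrity" requirement even though the answer text does not name it. The input has the shape of `aws cloudtrail describe-trails` output, but the trail names, bucket names, key ARN and account id are constructed placeholders; the S3-side controls (MFA Delete, bucket policy) are outside what this check inspects.

```python
"""Audit CloudTrail trail definitions against the compliance requirements
discussed in the thread: multi-region, global service events, KMS encryption,
and log file validation.

Added example; not code from the original post or from Tutorials Dojo. The
input mirrors the shape of `aws cloudtrail describe-trails` output, but every
value below is constructed for illustration (111122223333 is a placeholder
account id, the key ARN is not a real key).
"""
import json

# Constructed sample of what `aws cloudtrail describe-trails` could return for
# an account with two trails. Only the first satisfies every requirement.
SAMPLE_DESCRIBE_TRAILS = json.dumps({
    "trailList": [
        {
            "Name": "compliance-trail",
            "S3BucketName": "example-cloudtrail-logs",
            "IncludeGlobalServiceEvents": True,
            "IsMultiRegionTrail": True,
            "HomeRegion": "us-east-1",
            "LogFileValidationEnabled": True,
            "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
        },
        {
            "Name": "legacy-regional-trail",
            "S3BucketName": "example-legacy-logs",
            "IncludeGlobalServiceEvents": False,
            "IsMultiRegionTrail": False,
            "HomeRegion": "eu-west-1",
            "LogFileValidationEnabled": False,
        },
    ]
})


def check_trail(trail):
    """Return a list of findings for one trail; an empty list means compliant."""
    findings = []
    if not trail.get("IsMultiRegionTrail"):
        findings.append("not multi-region: activity in other regions is not logged")
    if not trail.get("IncludeGlobalServiceEvents"):
        findings.append("global service events excluded: IAM, CloudFront and "
                        "Route 53 activity is not logged")
    if not trail.get("KmsKeyId"):
        findings.append("no KmsKeyId: log files are not encrypted with a KMS key")
    if not trail.get("LogFileValidationEnabled"):
        findings.append("log file validation disabled: digest files cannot "
                        "prove the logs were not modified")
    return findings


def audit_trails(describe_trails_json):
    """Parse describe-trails output and return {trail_name: [findings]}."""
    data = json.loads(describe_trails_json)
    return {t["Name"]: check_trail(t) for t in data.get("trailList", [])}


def account_is_compliant(describe_trails_json):
    """True if at least one trail satisfies every requirement."""
    return any(not f for f in audit_trails(describe_trails_json).values())


if __name__ == "__main__":
    # With real credentials the input would come from:
    #   aws cloudtrail describe-trails --include-shadow-trails
    for name, findings in audit_trails(SAMPLE_DESCRIBE_TRAILS).items():
        print(("OK  " if not findings else "FAIL"), name)
        for finding in findings:
            print("  -", finding)
```

Run against saved `describe-trails` output, a trail that passes every check is the one a multi-region, global-events, KMS-encrypted setup produces; the second constructed trail shows the four findings a regional-only trail yields.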
Member, October 19, 2020 at 9:45 am
Thanks for bringing up the question. We have updated the minor typo in the explanation. This change will be reflected in our practice tests soon.
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!
Gerome @ Tutorials Dojo