Topic 1 Question 51
3 つ選択A company's AWS CloudTrail logs are all centrally stored in an Amazon S3 bucket. The security team controls the company's AWS account. The security team must prevent unauthorized access and tampering of the CloudTrail logs. Which combination of steps should the security team take?
Configure server-side encryption with AWS KMS managed encryption keys (SSE-KMS).
Compress log files with secure gzip.
Create an Amazon EventBridge rule to notify the security team of any modifications on CloudTrail log files.
Implement least privilege access to the S3 bucket by configuring a bucket policy.
Configure CloudTrail log file integrity validation.
Configure Access Analyzer for S3.
ユーザの投票
コメント(5)
- 正解だと思う選択肢: ADE👍 4ahrentom2024/04/25
- 正解だと思う選択肢: ADE
Here's what it describes about the usage of log file integration and the SSE-KMS usecase scenario:
"If you use SSE-KMS and log file validation, and you have modified your Amazon S3 bucket policy to only allow SSE-KMS encrypted files, you will not be able to create trails that utilize that bucket unless you modify your bucket policy to specifically allow AES256 encryption, as shown in the following example policy line.
"StringNotEquals": { "s3:x-amz-server-side-encryption": ["aws:kms", "AES256"] } "
👍 3Aamee2024/05/21 - 正解だと思う選択肢: ADE
ADE We agree.
👍 1Raphaello2024/08/09
シャッフルモード