Topic 1 Question 38
A company has a private Amazon S3 bucket that contains sensitive information. A SysOps administrator needs to keep logs of the IP addresses from authentication failures that result from attempts to access objects in the bucket. The logs must be stored so that they cannot be overwritten or deleted for 90 days. Which solution will meet these requirements?
A. Create an AWS CloudTrail trail. Configure the log files to be saved to Amazon CloudWatch Logs. Configure the log group with a retention period of 90 days.
B. Create an AWS CloudTrail trail. Configure the log files to be saved to a different S3 bucket. Turn on CloudTrail log file integrity validation for 90 days.
C. Turn on access logging for the S3 bucket. Configure the access logs to be saved to Amazon CloudWatch Logs. Configure the log group with a retention period of 90 days.
D. Turn on access logging for the S3 bucket. Configure the access logs to be saved in a second S3 bucket. Turn on S3 Object Lock on the second S3 bucket, and configure a default retention period of 90 days.
Comments (17)
I would have thought it is A, but after reading I found this: "CloudTrail does not deliver logs for requests that fail authentication (in which the provided credentials are not valid). However, it does include logs for requests in which authorization fails (AccessDenied) and requests that are made by anonymous users." https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html
👍 7 princajen 2022/09/01
Selected answer: D
D. Learn more here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html
👍 6 kati2k22cz 2022/09/02
D is the correct answer. Here is why: When logs are enabled for the S3 bucket, the destination needed is another S3 bucket (1). If logs are sent to CloudWatch, S3 Data Events will need to be enabled and delivered to CloudTrail, which in turn can be delivered to CloudWatch Logs (2).
References: 1.) https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html 2.) https://repost.aws/questions/QUktXj6H2NT1mPM3ZTulhTOA/s-3-server-access-logs-to-cloudwatch
👍 4 CloudHandsOn 2022/11/30
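An added example, not part of the original question or comments: once server access logging delivers records to the second bucket, the source IP addresses of failed authentication attempts can be pulled out of the log lines as shown here. The sample records, bucket name, owner ID and IP addresses are constructed, and the set of error codes treated as authentication failures is an assumption.

```python
import re
from collections import Counter

# A record is space-separated; the timestamp is [bracketed] and some fields are "quoted".
TOKEN = re.compile(r'\[[^\]]*\]|"[^"]*"|\S+')

# 0-based positions of the fields used here in an S3 server access log record.
REMOTE_IP, OPERATION, KEY, STATUS, ERROR_CODE = 3, 6, 7, 9, 10

# Assumption: the S3 error codes counted as authentication failures.
# AccessDenied is an authorization failure, so it is left out on purpose.
AUTH_FAILURE_CODES = {"InvalidAccessKeyId", "SignatureDoesNotMatch",
                      "ExpiredToken", "InvalidToken"}

def parse_record(line):
    """Return the fields of interest, or None if the line is too short to be a record."""
    tokens = TOKEN.findall(line)
    if len(tokens) <= ERROR_CODE:
        return None
    return {"remote_ip": tokens[REMOTE_IP], "operation": tokens[OPERATION],
            "key": tokens[KEY], "status": tokens[STATUS],
            "error_code": tokens[ERROR_CODE]}

def failed_auth_ips(lines):
    """Count authentication failures per source IP address."""
    hits = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec and rec["error_code"] in AUTH_FAILURE_CODES:
            hits[rec["remote_ip"]] += 1
    return hits

# Constructed sample records (owner ID, bucket, request IDs and IPs are made up).
_PREFIX = "ownerid-EXAMPLE sensitive-bucket-example [01/Sep/2022:10:15:0{n} +0000] "
_TAIL = ' 312 - 9 - "-" "example-client/1.0" -'
_GET = ' REST.GET.OBJECT reports/q3.csv "GET /reports/q3.csv HTTP/1.1" '
SAMPLE_LOG = [
    _PREFIX.format(n=1) + "192.0.2.10 arn:aws:iam::111122223333:user/alice REQ1EXAMPLE" + _GET + "200 -" + _TAIL,
    _PREFIX.format(n=2) + "198.51.100.7 - REQ2EXAMPLE" + _GET + "403 SignatureDoesNotMatch" + _TAIL,
    _PREFIX.format(n=3) + "203.0.113.9 - REQ3EXAMPLE" + _GET + "403 InvalidAccessKeyId" + _TAIL,
    _PREFIX.format(n=4) + "192.0.2.44 arn:aws:iam::111122223333:user/bob REQ4EXAMPLE" + _GET + "403 AccessDenied" + _TAIL,
    _PREFIX.format(n=5) + "198.51.100.7 - REQ5EXAMPLE" + _GET + "403 SignatureDoesNotMatch" + _TAIL,
]

if __name__ == "__main__":
    for ip, count in failed_auth_ips(SAMPLE_LOG).most_common():
        print(ip, count)
```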