ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional SAP-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 357 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional SAP-C02
Question #: 357
Topic #: 1
[All AWS Certified Solutions Architect - Professional SAP-C02 Questions]

A financial services company sells its software-as-a-service (SaaS) platform for application compliance to large global banks. The SaaS platform runs on AWS and uses multiple AWS accounts that are managed in an organization in AWS Organizations. The SaaS platform uses many AWS resources globally.

For regulatory compliance, all API calls to AWS resources must be audited, tracked for changes, and stored in a durable and secure data store.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Create a new AWS CloudTrail trail. Use an existing Amazon S3 bucket in the organization's management account to store the logs. Deploy the trail to all AWS Regions. Enable MFA delete and encryption on the S3 bucket.
  • B. Create a new AWS CloudTrail trail in each member account of the organization. Create new Amazon S3 buckets to store the logs. Deploy the trail to all AWS Regions. Enable MFA delete and encryption on the S3 buckets.
  • C. Create a new AWS CloudTrail trail in the organization's management account. Create a new Amazon S3 bucket with versioning turned on to store the logs. Deploy the trail for all accounts in the organization. Enable MFA delete and encryption on the S3 bucket.
  • D. Create a new AWS CloudTrail trail in the organization's management account. Create a new Amazon S3 bucket to store the logs. Configure Amazon Simple Notification Service (Amazon SNS) to send log-file delivery notifications to an external management system that will track the logs. Enable MFA delete and encryption on the S3 bucket.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by devalenzuela86 at Nov. 22, 2023, 3:19 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Totoroha
Highly Voted 1 year, 2 months ago
i thinks C is correct answer
upvoted 11 times
...
Dgix
Highly Voted 11 months ago
Selected Answer: C
C is correct. Do not get fooled by the phrase "deploy the trail for all accounts" to think that a trail is created in each account – it means that the new organisational-level trail is _configured_ to capture data for all accounts.
upvoted 10 times
juanife
1 day ago
thanks for that info, someone tends to be misled by those phrases.
upvoted 1 times
...
...
AzureDP900
Most Recent 2 months, 4 weeks ago
Option C: Create a new AWS CloudTrail trail in the organization's management account. Create a new Amazon S3 bucket with versioning turned on to store the logs. Deploy the trail for all accounts in the organization. Enable MFA delete and encryption on the S3 bucket. The management account can act as a central hub for logging and auditing. Using an existing S3 bucket in the management account reduces operational overhead compared to creating multiple buckets across different accounts. Versioning turned on ensures that old log versions are not automatically deleted, providing an additional layer of compliance.
upvoted 1 times
...
Chungies
4 months, 2 weeks ago
I will go with D as the correct answer because C has versioning turned on which is not necessary in this case. You can configure a trail to use Amazon SNS topic and be notifies when cloud trail publishes new log files to the Amazon S3 bucket.
upvoted 1 times
dv1
2 months, 2 weeks ago
Yes, S3 versioning is not necessary for the org trail to function, but it is a good practice to have in case of accidental deletion of events in the bucket. Option D with SNS is irrelevant.
upvoted 1 times
...
...
career360guru
1 year, 1 month ago
Selected Answer: C
Option C
upvoted 1 times
...
MegalodonBolado
1 year, 1 month ago
Selected Answer: C
A: Should always create new bucket for cloudtrail B: When you create an organization trail, a trail with the name that you give it is created in every AWS account that belongs to your organization. C: Correct D: For several reasons, use SNS only to notify admin, not to use email as a external mgmt system
upvoted 3 times
...
duriselvan
1 year, 1 month ago
D ans :- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/configure-sns-notifications-for-cloudtrail.html
upvoted 1 times
...
J0n102
1 year, 2 months ago
Selected Answer: C
Answer: C
upvoted 1 times
...
ProMax
1 year, 2 months ago
Selected Answer: C
C is correct
upvoted 3 times
...
oomwowww
1 year, 2 months ago
Selected Answer: C
i thinks C is correct answer
upvoted 3 times
...
devalenzuela86
1 year, 2 months ago
Selected Answer: A
A for sure
upvoted 1 times
devalenzuela86
1 year, 2 months ago
Yes, C is the correct
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago