Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 273 discussion

A company needs to log object-level activity in its Amazon S3 buckets. The company also needs to validate the integrity of the log file by using a digital signature.

Which solution will meet these requirements?

  • A. Create an AWS CloudTrail trail with log file validation enabled. Enable data events. Specify Amazon S3 as the data event type.
  • B. Create a new S3 bucket for S3 server access logs. Configure the existing S3 buckets to send their S3 server access logs to the new S3 bucket.
  • C. Create an Amazon CloudWatch Logs log group. Configure the existing S3 buckets to send their S3 server access logs to the log group.
  • D. Create a new S3 bucket for S3 server access logs with log file validation enabled. Enable data events. Specify Amazon S3 as the data event type.
Suggested Answer: A 🗳️

Comments

IPLogic
4 months, 3 weeks ago
Selected Answer: A
Object-Level Logging: By enabling data events in AWS CloudTrail and specifying Amazon S3 as the data event type, you can log object-level activities such as GET, PUT, DELETE, and other operations on your S3 objects.

Log File Validation: AWS CloudTrail provides the option to enable log file integrity validation. When this feature is enabled, CloudTrail creates a hash for each log file and delivers it alongside the log file. This ensures that you can verify the integrity and authenticity of your log files, confirming they haven't been tampered with.
upvoted 2 times
IPLogic
4 months, 3 weeks ago
Option B: Creating a new S3 bucket for S3 server access logs provides logging but does not offer log file integrity validation.

Option C: Using CloudWatch Logs is a valid option for logging, but it doesn't inherently provide log file validation with digital signatures.

Option D: Similar to Option B, it addresses logging but lacks the specific capability of log file integrity validation that AWS CloudTrail provides.

By choosing Option A, you ensure that your object-level activity is logged accurately, and you can validate the integrity of the log files, fulfilling the company's requirements.
upvoted 1 times
HappyG
4 months, 3 weeks ago
Selected Answer: A
Only CloudTrail provides the digital signature validation feature.
upvoted 2 times
jdx000
4 months, 4 weeks ago
Selected Answer: D
answer is D
upvoted 1 times