Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SysOps Administrator - Associate All Questions

View all questions & answers for the AWS Certified SysOps Administrator - Associate exam
Go to Exam

Exam AWS Certified SysOps Administrator - Associate topic 1 question 62 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 62
Topic #: 1
[All AWS Certified SysOps Administrator - Associate Questions]

A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS
Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.
What is the MOST operationally efficient solution that meets these requirements?

  • A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB table. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.
  • B. Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon 53 object. The security team can use the information in the tag to verify the integrity of the delivered files.
  • C. Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.
  • D. Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by PatNathan at April 27, 2021, 1:10 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Finger41
Highly Voted 3 years ago
D - "When you enable log file integrity validation, CloudTrail creates a hash for every log file that it delivers. Every hour, CloudTrail also creates and delivers a file that references the log files for the last hour and contains a hash of each. This file is called a digest file. Validated log files are invaluable in security and forensic investigations" https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
upvoted 19 times
...
gehadg
Most Recent 2 weeks, 1 day ago
Correct Answer: D CloudTrail File Integrity: AWS CloudTrail offers a built-in file integrity validation feature. When this feature is enabled, CloudTrail automatically creates digest files that provide a way to verify that log files have not been tampered with. The digest files contain hashes that allow the security team to trace the integrity of each file, ensuring data has not been altered. Operational Efficiency: This solution is the most operationally efficient, as it leverages CloudTrail’s native functionality without requiring additional resources like Lambda functions or DynamoDB tables. Other Options: Option A and Option B: Both require custom implementations using Lambda to calculate file hashes, which increases complexity and operational overhead. Option C: The CloudTrail file integrity feature is enabled directly on the trail itself, not just on the S3 bucket, so this option does not fully meet the requirements.
upvoted 2 times
...
2f0a02c
11 months, 3 weeks ago
D is the Answer
upvoted 1 times
...
Andrew_A
1 year, 5 months ago
Selected Answer: D
AWS CloudTrail provides a feature that allows you to validate the integrity of the CloudTrail log files stored in your S3 bucket. When you enable log file integrity validation, CloudTrail creates a digest file for every log that is delivered to your account. This file contains the hash values of every log file in the delivery and can be used to confirm that the logs have not been tampered with.
upvoted 1 times
...
joesome
1 year, 5 months ago
Answer is D
upvoted 2 times
...
mavhandu
1 year, 8 months ago
Validating CloudTrail log file integrity is important to ensure that the logs have not been tampered with and to verify their authenticity
upvoted 1 times
...
BietTuot
1 year, 11 months ago
Selected Answer: D
D is correct answer
upvoted 1 times
...
MrMLB
1 year, 11 months ago
Selected Answer: D
D it is
upvoted 1 times
...
michaldavid
1 year, 11 months ago
Selected Answer: D
DDDDDDDD
upvoted 1 times
...
pravinb
1 year, 11 months ago
only D
upvoted 1 times
...
sassy69
2 years, 1 month ago
Selected Answer: D
I vote D as well
upvoted 1 times
...
Surferbolt
2 years, 1 month ago
Selected Answer: D
D. CloudTrail log file integrity validation
upvoted 1 times
...
CHRIS12722222
2 years, 1 month ago
integrity is not an s3 feature, it's a cloudtrail feature. vote for D
upvoted 1 times
...
princajen
2 years, 2 months ago
Selected Answer: D
I vote for D
upvoted 1 times
...
Mikilo
2 years, 5 months ago
Selected Answer: D
D is the answer
upvoted 2 times
...
hammering
2 years, 7 months ago
choose D
upvoted 1 times
...
MrkJobs
2 years, 10 months ago
Selected Answer: D
Answer D no S3 bucket enabling. "To enable log file integrity validation, you can use the AWS Management Console, the AWS CLI, or CloudTrail API. For more information, see Enabling log file integrity validation for CloudTrail." "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html"
upvoted 4 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel