ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SysOps Administrator - Associate All Questions

View all questions & answers for the AWS Certified SysOps Administrator - Associate exam
Go to Exam

Exam AWS Certified SysOps Administrator - Associate topic 1 question 62 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 62
Topic #: 1
[All AWS Certified SysOps Administrator - Associate Questions]

A company asks a SysOps administrator to ensure that AWS CloudTrail files are not tampered with after they are created. Currently, the company uses AWS
Identity and Access Management (IAM) to restrict access to specific trails. The company's security team needs the ability to trace the integrity of each file.
What is the MOST operationally efficient solution that meets these requirements?

  • A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function when a new file is delivered. Configure the Lambda function to compute an MD5 hash check on the file and store the result in an Amazon DynamoDB table. The security team can use the values that are stored in DynamoDB to verify the integrity of the delivered files.
  • B. Create an AWS Lambda function that is invoked each time a new file is delivered to the CloudTrail bucket. Configure the Lambda function to compute an MD5 hash check on the file and store the result as a tag in an Amazon 53 object. The security team can use the information in the tag to verify the integrity of the delivered files.
  • C. Enable the CloudTrail file integrity feature on an Amazon S3 bucket. Create an IAM policy that grants the security team access to the file integrity logs that are stored in the S3 bucket.
  • D. Enable the CloudTrail file integrity feature on the trail. The security team can use the digest file that is created by CloudTrail to verify the integrity of the delivered files.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by PatNathan at April 27, 2021, 1:10 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Finger41
Highly Voted 3 years, 6 months ago
D - "When you enable log file integrity validation, CloudTrail creates a hash for every log file that it delivers. Every hour, CloudTrail also creates and delivers a file that references the log files for the last hour and contains a hash of each. This file is called a digest file. Validated log files are invaluable in security and forensic investigations" https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
upvoted 21 times
...
mk1523
Most Recent 4 months ago
Selected Answer: D
DDDDDDDDDDD
upvoted 1 times
...
gehadg
6 months ago
Correct Answer: D CloudTrail File Integrity: AWS CloudTrail offers a built-in file integrity validation feature. When this feature is enabled, CloudTrail automatically creates digest files that provide a way to verify that log files have not been tampered with. The digest files contain hashes that allow the security team to trace the integrity of each file, ensuring data has not been altered. Operational Efficiency: This solution is the most operationally efficient, as it leverages CloudTrail’s native functionality without requiring additional resources like Lambda functions or DynamoDB tables. Other Options: Option A and Option B: Both require custom implementations using Lambda to calculate file hashes, which increases complexity and operational overhead. Option C: The CloudTrail file integrity feature is enabled directly on the trail itself, not just on the S3 bucket, so this option does not fully meet the requirements.
upvoted 2 times
...
2f0a02c
1 year, 5 months ago
D is the Answer
upvoted 1 times
...
Andrew_A
1 year, 10 months ago
Selected Answer: D
AWS CloudTrail provides a feature that allows you to validate the integrity of the CloudTrail log files stored in your S3 bucket. When you enable log file integrity validation, CloudTrail creates a digest file for every log that is delivered to your account. This file contains the hash values of every log file in the delivery and can be used to confirm that the logs have not been tampered with.
upvoted 1 times
...
joesome
1 year, 10 months ago
Answer is D
upvoted 2 times
...
mavhandu
2 years, 1 month ago
Validating CloudTrail log file integrity is important to ensure that the logs have not been tampered with and to verify their authenticity
upvoted 1 times
...
BietTuot
2 years, 4 months ago
Selected Answer: D
D is correct answer
upvoted 1 times
...
MrMLB
2 years, 4 months ago
Selected Answer: D
D it is
upvoted 1 times
...
michaldavid
2 years, 4 months ago
Selected Answer: D
DDDDDDDD
upvoted 1 times
...
pravinb
2 years, 4 months ago
only D
upvoted 1 times
...
sassy69
2 years, 6 months ago
Selected Answer: D
I vote D as well
upvoted 1 times
...
Surferbolt
2 years, 6 months ago
Selected Answer: D
D. CloudTrail log file integrity validation
upvoted 1 times
...
CHRIS12722222
2 years, 7 months ago
integrity is not an s3 feature, it's a cloudtrail feature. vote for D
upvoted 1 times
...
princajen
2 years, 7 months ago
Selected Answer: D
I vote for D
upvoted 1 times
...
Mikilo
2 years, 11 months ago
Selected Answer: D
D is the answer
upvoted 2 times
...
hammering
3 years, 1 month ago
choose D
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago