Exam AWS Certified Solutions Architect - Professional topic 1 question 833 discussion

A financial services company sells its software-as-a-service (SaaS) platform for application compliance to large global banks. The SaaS platform runs on AWS and uses multiple AWS accounts that are managed in an organization in AWS Organizations. The SaaS platform uses many AWS resources globally.
For regulatory compliance, all API calls to AWS resources must be audited, tracked for changes, and stored in a durable and secure data store.
Which solution will meet these requirements with the LEAST operational overhead?

  • A. Create a new AWS CloudTrail trail. Use an existing Amazon S3 bucket in the organization's management account to store the logs. Deploy the trail to all AWS Regions. Enable MFA delete and encryption on the S3 bucket.
  • B. Create a new AWS CloudTrail trail in each member account of the organization. Create new Amazon S3 buckets to store the logs. Deploy the trail to all AWS Regions. Enable MFA delete and encryption on the S3 buckets.
  • C. Create a new AWS CloudTrail trail in the organization's management account. Create a new Amazon S3 bucket with versioning turned on to store the logs. Deploy the trail for all accounts in the organization. Enable MFA delete and encryption on the S3 bucket.
  • D. Create a new AWS CloudTrail trail in the organization's management account. Create a new Amazon S3 bucket to store the logs. Configure Amazon Simple Notification Service (Amazon SNS) to send log-file delivery notifications to an external management system that will track the logs. Enable MFA delete and encryption on the S3 bucket.
Suggested Answer: C 🗳️
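
A configuration check for the setup the options describe (organization-wide trail, all Regions, versioned bucket with MFA delete and encryption), as an added example that is not part of the original question or discussion. The sample data is constructed; it is shaped like the JSON returned by `aws cloudtrail describe-trails`, `aws s3api get-bucket-versioning` and `aws s3api get-bucket-encryption`, and the trail and bucket names are made up.

```python
# Constructed sample data; names and values are illustrative only.
TRAIL = {"Name": "org-audit-trail", "S3BucketName": "example-org-audit-logs",
         "IsOrganizationTrail": True, "IsMultiRegionTrail": True}
VERSIONING = {"Status": "Enabled", "MFADelete": "Enabled"}
ENCRYPTION = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}

# Default-encryption algorithms S3 accepts in a bucket encryption rule.
SSE_ALGORITHMS = {"AES256", "aws:kms", "aws:kms:dsse"}


def audit_trail_setup(trail, versioning, encryption):
    """Return a list of findings; an empty list means every control is in place."""
    findings = []
    if not trail.get("IsOrganizationTrail"):
        findings.append("trail does not cover all accounts in the organization")
    if not trail.get("IsMultiRegionTrail"):
        findings.append("trail does not cover all Regions")

    # A bucket that never had versioning configured returns no Status key.
    versioned = versioning.get("Status") == "Enabled"
    if not versioned:
        findings.append("bucket versioning is not enabled")
    # MFA delete is part of the versioning configuration, so it cannot be
    # enabled on a bucket that is not versioned.
    if versioning.get("MFADelete") != "Enabled":
        suffix = "" if versioned else " (requires versioning first)"
        findings.append("MFA delete is not enabled" + suffix)

    rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
             for r in rules}
    if not algos & SSE_ALGORITHMS:
        findings.append("bucket has no default encryption rule")
    return findings


if __name__ == "__main__":
    for name, args in {
        "organization trail, versioned bucket": (TRAIL, VERSIONING, ENCRYPTION),
        "same trail, unversioned bucket": (TRAIL, {}, ENCRYPTION),
    }.items():
        print(name, "->", audit_trail_setup(*args) or "no findings")
```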

Comments

Rocketeer
Highly Voted 2 years, 3 months ago
D seems to be the answer. No need to separately create the trail in the member accounts. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html
upvoted 5 times
...
asfsdfsdf
Highly Voted 2 years, 4 months ago
Selected Answer: C
C - one management trail for all accounts, no need to deliver logs to an external system (not required in the question)
upvoted 5 times
...
Jesuisleon
Most Recent 1 year, 6 months ago
C is the answer. Amazon will NOT recommend 3rd party software / external management systems to the clients. That doesn't make sense. It's an AMAZON exam, so D is out.
upvoted 1 times
...
Heer
1 year, 10 months ago
Option C. Ideally, it is best practice to configure CloudTrail in each member account, rather than in a single management account. This way, you can ensure that all API calls made within each account are being logged and tracked. But the ask in the question specifically says "Tracked Changes", which means versioning needs to be enabled.
upvoted 1 times
...
due
2 years ago
Selected Answer: C
S3 version for durable
upvoted 2 times
...
vijay1319
2 years, 1 month ago
Selected Answer: C
tracked for changes == versioning
upvoted 3 times
...
vijay1319
2 years, 1 month ago
tracked for changes == versioning
upvoted 1 times
...
redipa
2 years, 1 month ago
Selected Answer: C
Versioning is required for MFA delete. Answer has to be C
upvoted 3 times
...
aandc
2 years, 5 months ago
Selected Answer: C
external management system means management overhead
upvoted 3 times
...
solo18
2 years, 6 months ago
C is correct
upvoted 4 times
...
shailurtm2001
2 years, 7 months ago
D correct.
upvoted 2 times
...