Exam AWS Certified SysOps Administrator - Associate topic 1 question 77 discussion

If you have answered anything but A, remember that CloudTrail log file integrity validation is EXACTLY made for this purpose and nothing else.

**A. Enable CloudTrail log file integrity validation**. Enabling CloudTrail log file integrity validation ensures that the log files are protected using industry-standard algorithms (SHA-256 for hashing and SHA-256 with RSA for digital signing). This makes it computationally infeasible to modify, delete, or forge the log files without detection[1](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html)[2](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/best-practices-security.html).

To determine whether a log file was modified, deleted, or unchanged after CloudTrail delivered it, you can use CloudTrail log file integrity validation. This feature is built using industry standard algorithms: SHA-256 for hashing and SHA-256 with RSA for digital signing. This makes it computationally infeasible to modify, delete or forge CloudTrail log files without detection. You can use the AWS CLI to validate the files in the location where CloudTrail delivered them. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html#cloudtrail-log-file-validation-intro-use-cases

Answer is A and ChatGPT agrees: A. Enable CloudTrail log file integrity validation (Correct) CloudTrail log file integrity validation uses SHA-256 hashing and digital signatures to ensure that log files have not been tampered with or altered.This provides cryptographic proof of the integrity of the log files.It directly addresses the requirement to ensure that logs are not forged or modified.This is the most relevant feature provided by AWS CloudTrail for log protection. B. Use Amazon S3 MFA Delete on the S3 bucket where the CloudTrail log files are stored (Partially Correct)MFA Delete prevents accidental or unauthorized deletions of S3 objects, but it does not protect against forgery or tampering of log contents.While useful, this alone does not meet the full requirement of securing logs against modification or forgery.

I think it's B.

I'd go with B here as it specifically asks to protect the CT files from being modified, deleted or forged.

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html#:~:text=To%20determine%20whether,CloudTrail%20delivered%20them.

no single option among the provided choices completely fulfills all three requirements

"Enable MFA delete on the Amazon S3 bucket where you store log files When you configure multi-factor authentication (MFA), attempts to change the versioning state of bucket, or delete an object version in a bucket, require additional authentication. This way, even if a user acquires the password of an IAM user with permissions to permanently delete Amazon S3 objects, you can still prevent operations that could compromise your log files." https://docs.aws.amazon.com/awscloudtrail/latest/userguide/best-practices-security.html

There's no question at all it's A.

I think B is correct. CloudTrail Log integrity does not prevent the file from being deleted. It will only detect if the file was deleted, to prevent deletion you should use MFA delete, which requires versioning to be enabled. https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html

B is the correct answer. The key word here is to prevent the logs from being deleted. Answer would be incorrect as it does not mention about tracking who deleted the file.

A is correct

Answer b is correct. We not only don't want the files to be tampered with, no one ought to be able to delete it either. So, the only option that looks correct is option b.

real answer is WORM, aka object locks: https://aws.amazon.com/blogs/storage/protecting-data-with-amazon-s3-object-lock/ - but its not in the answers so we need to pick from what we have A is incorrect - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html - integrity feature doe not prevent anyone from deleting the file D is nonsence so its either B or C since MFA delete inherently requires versioning, I'd go for B

A is the right answer, how C, there is no mentioning of s3, it is mentioned "on various resource". i oppose C

Def. C is the correct as versioning on s3 buckets keeps the objects safe from deletion, while A won't prevent the deletion action itself it will just show it...