A company stores sensitive data in an Amazon S3 bucket. The company must log all access attempts to the S3 bucket. The company’s risk team must receive immediate notification about any delete events.
Which solution will meet these requirements?
A.
Enable S3 server access logging for audit logs. Set up an Amazon Simple Notification Service (Amazon SNS) notification for the S3 bucket. Select DeleteObject for the event type for the alert system.
B.
Enable S3 server access logging for audit logs. Launch an Amazon EC2 instance for the alert system. Run a cron job on the EC2 instance to download the access logs each day and to scan for a DeleteObject event.
C.
Use Amazon CloudWatch Logs for audit logs. Use Amazon CloudWatch alarms with an Amazon Simple Notification Service (Amazon SNS) notification for the alert system.
D.
Use Amazon CloudWatch Logs for audit logs. Launch an Amazon EC2 instance for the alert system. Run a cron job on the EC2 instance each day to compare the list of the items with the list from the previous day. Configure the cron job to send a notification if an item is missing.
Although S3 server access logging (as mentioned in Option A) captures all access events, its delivery is best-effort and often delayed—making it unsuitable for immediate notifications. By using CloudTrail to log S3 data events to CloudWatch Logs and creating metric filters and alarms for DeleteObject events, you can trigger near real-time SNS notifications to the risk team. This solution meets both the requirement for comprehensive logging and immediate alerts.
AWS Documentation: Logging Data Events with CloudTrail and Using Amazon CloudWatch Alarms
I think the key here is asking for "immediate notification...".
The list of options sucks. For A, SNS has to work with S3 Event Notifications in order to provide real-time triggers and notifications. For C, CloudWatch alone, without CloudTrail delivering logs to it, is useless...
So I have no idea which one is the official answer. My bet here is this question will never appear in the exam anymore; it's disqualified :)
Answer should be S3 data logging with CloudTrail. However, that is not listed as an option. Next best answer is A. EC2 answers are nonsensical. CloudWatch Logs is not CloudTrail data logging.
As the doc explains:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html#supported-notification-event-types
You should trigger object actions to SNS, SQS, and Lambda.
The answers seem incomplete. Enabling S3 server access logging is very good for performing security and access audits. However, these logs are stored in an S3 bucket, when enabled. As for the delete events, wouldn't Event Notifications be the way to go? Create an event notification for object removal and use an SNS topic to send the notifications to your risk team.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/cloudtrail-logging.html
Options A and B are wrong. The completeness and timeliness of server access logging is not guaranteed.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerLogs.html#LogDeliveryBestEffort
A
To meet the requirements of logging all access attempts to the S3 bucket and receiving immediate notification about any delete events, the company can enable S3 server access logging and set up an Amazon Simple Notification Service (Amazon SNS) notification for the S3 bucket. The S3 server access logs will record all access attempts to the bucket, including delete events, and the SNS notification can be configured to send an alert when a DeleteObject event occurs.
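Added example, not from the page, the answer key, or any commenter: the two delete-alert paths the thread argues over, written as the request bodies you would hand to boto3 (S3 Event Notifications to SNS with a properly scoped topic policy, and CloudTrail S3 data events with a CloudWatch Logs metric filter and alarm), plus a local check of the filter logic against constructed CloudTrail records. The bucket, account ID, topic ARN and log group name are placeholder assumptions; the sample records are constructed and trimmed to the fields the filter reads.

```python
"""Added example: S3 delete alerting two ways, as boto3 request bodies, plus a
local check of the CloudWatch Logs filter logic on constructed CloudTrail
records. Resource names are placeholder assumptions."""

BUCKET = "sensitive-data-bucket"                                    # assumption
ACCOUNT_ID = "123456789012"                                         # assumption
TOPIC_ARN = f"arn:aws:sns:us-east-1:{ACCOUNT_ID}:s3-delete-alerts"  # assumption
LOG_GROUP = "/aws/cloudtrail/s3-data-events"                        # assumption


def s3_notification_config(topic_arn=TOPIC_ARN):
    """Path 1 (option A done right): S3 Event Notifications -> SNS, the body for
    s3.put_bucket_notification_configuration(). s3:ObjectRemoved:* also catches
    DeleteMarkerCreated, so deletes in versioned buckets are not missed."""
    return {"TopicConfigurations": [{
        "Id": "alert-risk-team-on-delete",
        "TopicArn": topic_arn,
        "Events": ["s3:ObjectRemoved:*"],
    }]}


def sns_topic_policy(topic_arn=TOPIC_ARN, bucket=BUCKET, account_id=ACCOUNT_ID):
    """S3 must be allowed to publish to the topic. Pin the grant to this bucket
    and account (aws:SourceArn / aws:SourceAccount) so a bucket elsewhere cannot
    publish into the risk team's topic. Attach via sns.set_topic_attributes()
    with AttributeName="Policy" and AttributeValue=json.dumps(policy)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowS3PublishFromThisBucket",
        "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "SNS:Publish",
        "Resource": topic_arn,
        "Condition": {"ArnLike": {"aws:SourceArn": f"arn:aws:s3:::{bucket}"},
                      "StringEquals": {"aws:SourceAccount": account_id}},
    }]}


def cloudtrail_event_selectors(bucket=BUCKET):
    """Path 2: CloudTrail S3 data events supply the 'log every access attempt'
    half; management events alone do not record GetObject/DeleteObject.
    EventSelectors body for cloudtrail.put_event_selectors()."""
    return [{"ReadWriteType": "All", "IncludeManagementEvents": True,
             "DataResources": [{"Type": "AWS::S3::Object",
                                "Values": [f"arn:aws:s3:::{bucket}/"]}]}]


# Filter pattern for the log group the trail delivers to. DeleteObjects
# (multi-object delete) is a distinct API name and is easy to forget.
METRIC_FILTER_PATTERN = ('{ ($.eventSource = "s3.amazonaws.com") && '
                         '(($.eventName = "DeleteObject") || ($.eventName = "DeleteObjects")) }')


def metric_filter_request(log_group=LOG_GROUP):
    """Keyword arguments for logs.put_metric_filter()."""
    return {"logGroupName": log_group, "filterName": "S3DeleteObject",
            "filterPattern": METRIC_FILTER_PATTERN,
            "metricTransformations": [{"metricName": "S3DeleteObjectCount",
                                       "metricNamespace": "Security/S3",
                                       "metricValue": "1", "defaultValue": 0.0}]}


def alarm_request(topic_arn=TOPIC_ARN):
    """Keyword arguments for cloudwatch.put_metric_alarm(): any delete in a
    60 s window notifies the topic; no data means no alarm, not an error."""
    return {"AlarmName": "S3DeleteObjectDetected", "Namespace": "Security/S3",
            "MetricName": "S3DeleteObjectCount", "Statistic": "Sum",
            "Period": 60, "EvaluationPeriods": 1, "Threshold": 0,
            "ComparisonOperator": "GreaterThanThreshold",
            "TreatMissingData": "notBreaching", "AlarmActions": [topic_arn]}


DELETE_APIS = {"DeleteObject", "DeleteObjects"}


def is_s3_delete(record):
    """Local equivalent of METRIC_FILTER_PATTERN for one CloudTrail record."""
    return (record.get("eventSource") == "s3.amazonaws.com"
            and record.get("eventName") in DELETE_APIS)


def count_deletes(records):
    """How many of the records the metric filter would count."""
    return sum(1 for r in records if is_s3_delete(r))


# Constructed CloudTrail-style records, trimmed to the fields the filter reads.
SAMPLE_RECORDS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "requestParameters": {"bucketName": BUCKET, "key": "report.csv"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "DeleteObject",
     "requestParameters": {"bucketName": BUCKET, "key": "report.csv"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "DeleteObjects",
     "requestParameters": {"bucketName": BUCKET}},
    {"eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket"},  # management event, not matched
    {"eventSource": "iam.amazonaws.com", "eventName": "DeleteUser"},
]
```

Path 1 is the shortest route to "immediate": S3 publishes to the topic within seconds of the delete and needs no trail, log group or alarm, but the topic policy condition is what keeps it from becoming an unauthenticated notification endpoint. Path 2 is the one the explanation above describes; it also satisfies the "log all access attempts" requirement, which server access logging only does on a best-effort basis. Note that DeleteBucket is a management event and is deliberately not matched by the pattern; add it if the risk team wants bucket-level deletes too.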
Commenters (most recent first): Granddude (1 month, 1 week ago), XXXXXlNN (5 months, 1 week ago), alexleely (1 year, 7 months ago), Gomer (2 years ago), michele_scar (2 years, 1 month ago), defmania00 (2 years, 1 month ago), Untamables (2 years, 2 months ago), defmania00 (2 years, 2 months ago), MrMLB (2 years, 4 months ago), beznika (2 years, 4 months ago), michaldavid (2 years, 4 months ago), Fatoch (2 years, 4 months ago).