Question 10:
A company is using CloudTrail to log all AWS API activity for all regions in all of its accounts. The CISO has asked that additional steps be taken to protect the integrity of the log files. What combination of steps will protect the log files from intentional or unintentional alteration? Choose 2 answers from the options given below
Answer options:
A.Create an S3 bucket in a dedicated log account and grant the other accounts write only access. Deliver all log files from every account to this S3 bucket. B.Write a Lambda function that queries the Trusted Advisor Cloud Trail checks. Run the function every 10 minutes. C.Enable Cloud Trail log file integrity validation D.Use Systems Manager Configuration Compliance to continually monitor the access policies of S3 buckets containing Cloud Trail logs. E.Create a Security Group that blocks all traffic except calls from the CloudTrail service. Associate the security group with all the Cloud Trail destination S3 buckets.