ExamQuestions.com

Register
Login
AWS Certified Security Specialty Exam Questions

Amazon

AWS Certified Security Specialty

185 / 310

Question 185:

You maintain an AWS Organization that contains several Organizational Units (OUs). Each OU has multiple AWS accounts. You want to create a central CloudTrail to record events in all the accounts within the Organization. The new trail must be enabled for all regions and logged in a single centralized S3 bucket.
How would you configure the CloudTrail for the Organization?

Answer options:

A.Use an IAM role in the master account to create a new trail. Configure the trail to apply to all the child accounts within the organization.
B.Use an IAM user in each account to create a trail. In the master account, create an organizational trail to include all the trails created in the child accounts.
C.Login in the AWS console using any account within the Organization. Create a new trail in the CloudTrail service. Select all Organizational Units to add to the trail.
D.Use an IAM user in the master account to create a new trail. Configure the trail to apply to the AWS Organization.