AWS Certified Solutions Architect Associate Exam Questions

Question 273:

You are working as an AWS Architect for a global media firm. They have web servers deployed on EC2 instances across multiple regions. For audit purposes, you have created a CloudTrail trail that delivers the CloudTrail event log files to the S3 bucket. This trail applies to all regions and delivers the CloudTrail event log files to the S3 buckets in the EU-Central region. During last year’s audit, the auditors raised a query about the integrity of the log files delivered to the S3 buckets and raised a Non-Compliance flag against them. Which feature could help you gain compliance from the auditors for the given issue?

Answer options:

A. Use Amazon SSE-S3 encryption for the CloudTrail log files while storing them in S3 buckets.
B. Use Amazon SSE-KMS encryption for the CloudTrail log files while storing them in S3 buckets.
C. Use an S3 bucket policy to grant access to only the Security head for S3 buckets holding CloudTrail log files.
D. Enable the CloudTrail log file integrity validation feature.