PrepAway - Latest Free Exam Questions & Answers

Which of the following are true regarding AWS CloudTrail?

Which of the following are true regarding AWS CloudTrail? Choose 3 answers

PrepAway - Latest Free Exam Questions & Answers

A.
CloudTrail is enabled globally

B.
CloudTrail is enabled by default

C.
CloudTrail is enabled on a per-region basis

D.
CloudTrail is enabled on a per-service basis.

E.
Logs can be delivered to a single Amazon S3 bucket for aggregation.

F.
CloudTrail is enabled for all available services within a region.

G.
Logs can only be processed and delivered to the region in which they are generated.

Explanation:
A:have a trail with the Apply trail to all regions option enabled.
C:have multiple single region trails.
E: Log files from all the regions can be delivered to a single S3 bucket
Global service events are always delivered to trails that have the Apply trail to all regions
option enabled. Events are delivered from a single region to the bucket for the trail. This
setting cannot be changed.
If you have a single region trail, you should enable the Include global services option.
If you have multiple single region trails, you should enable the Include global services option
in only one of the trails.
D Incorrect: once enabled it is applicable for all the supported services, service can’t be
selected

PrepAway - Latest Free Exam Questions & Answers

One Comment on “Which of the following are true regarding AWS CloudTrail?

  1. suresh.kasthuri says:

    14 AUG 2017
    The key features of AWS CloudTrail are:

    Always On: enabled on all AWS accounts and records your account activity upon account creation without the need to configure CloudTrail
    Event History: view, search, and download your recent AWS account activity
    Management Level Events: get details administrative actions such as creation, deletion, and modification of EC2 instances or S3 buckets
    Data Level Events: record all API actions on Amazon S3 objects and receive detailed information about API actions
    Log File Integrity Validation: validate the integrity of log files stored in your S3 bucket
    Log File Encryption: service encrypts all log files by default delivered to your S3 bucket using S3 server-side encryption (SSE). Option to encrypt log files with AWS Key Management Service (AWS KMS) as well
    Multi-region Configuration: configure service to deliver log files from multiple regions

    For more info
    https://aws.amazon.com/blogs/aws/new-amazon-web-services-extends-cloudtrail-to-all-aws-customers/




    7



    0

Leave a Reply

Your email address will not be published. Required fields are marked *