Which of the following are true regarding AWS CloudTrail? Choose 3 answers
A.
CloudTrail is enabled globally
B.
CloudTrail is enabled by default
C.
CloudTrail is enabled on a per-region basis
D.
CloudTrail is enabled on a per-service basis.
E.
Logs can be delivered to a single Amazon S3 bucket for aggregation.
F.
CloudTrail is enabled for all available services within a region.
G.
Logs can only be processed and delivered to the region in which they are generated.
Explanation:
http://aws.amazon.com/cloudtrail/faqs/
Imho C, D, E
Turn on CloudTrail. By default, when you create a trail in one region in the CloudTrail console, the trail will apply to all regions.
Create a new Amazon S3 bucket for storing your log files, or specify an existing bucket where you want the log files delivered. By default, log files from all AWS regions in your account will be delivered to the bucket you specify.
Source: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html
0
0
Agree,
CDE
0
0
I couldn’t find docs that says how to enable cloudtrial for each service. A seems reasonable as you will get trial logs for all supported services once it’s turned on. I could be wrong
0
0
Funky question. You have the option to enable all regions globally or per region basis.
0
0
Exactly. This question is ridiculous.
0
0
ACE, even I couldn’t find docs for enabling it for each service. Please explain about D and give a reference for that.
0
0
Hi Arun,
Here you go for D.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html
0
0
Please log in to the console and see if you can enable logs per service.
0
0
A C E
0
0
Should be ACE.
I cannot be D as you cannot choose which service will be enabled, once turned on it will be enabled on all CloudTrail-enabled services as listed here
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-supported-services.html
I dont fully agree with A though as CloudTrail technically is activated per-region (not globally). Although, it does offer to activate in all regions (by default)
0
0
I will say CDE.
Answer A is only correct if it says “Cloudtrail CAN BE enabled globally” instead of “is enabled globally” Which is incorrect because when you go and turn on Cloudtrail, you have the option to select “all regions”, its not default
0
0
I have the same idea. ACE
0
0
ace
0
0
ACE seems correct . Once it enables it will capture all API queries not based on service. it will applicable to all listed service.
0
0
A: By default, CloudTrail delivers API calls for global services in every region.
C: (implicit in answer A)
E: CloudTrail will deliver the digest files across all regions and multiple accounts into the same Amazon S3 bucket.
0
0
A C E
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html
0
0
ACE
A:have a trail with the Apply trail to all regions option enabled.
C:have multiple single region trails.
E: Log files from all the regions can be delivered to a single S3 bucket
Global service events are always delivered to trails that have the Apply trail to all regions option enabled. Events are delivered from a single region to the bucket for the trail. This setting cannot be changed.
If you have a single region trail, you should enable the Include global services option.
If you have multiple single region trails, you should enable the Include global services option in only one of the trails.
D Incorrect : once enabled it is applicable for all the supported services, service can’t be selected
0
0
Answer is EFG.
Reason is
You can create two types of trails:
A trail that applies to all regions – When you create a trail that applies to all regions, CloudTrail creates the same trail in each region, records the log files in each region, and delivers the log files to the single S3 bucket (and optionally to the CloudWatch Logs log group) that you specify. This is the default option when you create a trail using the CloudTrail console. If you choose to receive Amazon SNS notifications for log file deliveries, one SNS topic will suffice for all regions. If you choose to have CloudTrail send events from a trail that applies to all regions to a CloudWatch Logs log group, events from all regions will be sent to the single log group.
A trail that applies to one region – You specify a bucket that receives events only from that region. The bucket can be in any region that you specify. If you create additional individual trails that apply to specific regions, you can have those trails deliver event logs to a single S3 bucket.
0
0
ACE
B-CloudTrail is enabled by default false
D-CloudTrail is enabled on a per-service basis. – its not its available region basis
F-CloudTrail is enabled for all available services within a region. -its enabled only for cloud trail supported service
G-Logs can only be processed and delivered to the region in which they are generated.- logs can only be process in same region but they can deliver in any region s3- bucket
0
0
ACE
0
0
ADE I believe. Its applied at global level, per service and Logs can be delivered to a single Amazon S3 bucket for aggregation.
0
0
A – Can be true
B – False
C – Always True
D – False
E – Always True
F – False
ACE
0
0
If “Can be true” is a reason for selecting, then B also “can be true”. Cloudtrail is enabled by default for the US GovCloud region.
I do think you accurately captured the intent of the person who wrote the question, but the above is why my initial read was that A and C conflict.
0
0
ACE
0
0
ACE
0
0
CEF
B is wrong – CloudTrail is not enabled by default; it must be enabled manually.
A and C contradict each other – C says you can choose which regions to enable CloudTrail for, while A says you have to enable it for all regions. The former is correct.
D and F contradict each other – D says you can choose which services to enable CloudTrail for, while F says you have to enable it for all services for which it is available. The latter is correct.
E and G contradict each other – E says all regions can send their logs to the same bucket, while G says each region has to have its own log bucket. The former is correct.
0
0
A and C are not contradicting each other. It is the user choice. He/She can enable CloudTrail for specific region or all regions. Both of them are correct.
F is NOT correct because CloudTrail is not available for ALL services in AWS. Please check https://www.amazonaws.cn/en/cloudtrail/faqs/
ACE is the right answer.
0
0
my answer is ACE
0
0
Answer is ACE
Most of the answers at the top are wrong. I’ve gone through the trouble of correcting all 400 of them for my own study purposes. If you would like a digital copy of this dump please send $40 to paypal.me/lyannabear
0
1
@iyannabear whats your email address. email me eattang@hawk.iit.edu
0
0
BEF
B
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-getting-started.html
1
0
ACE
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html
0
0