A company requires strict auditing of its AWS environment. They need to record all API calls and ensure that the log files have not been tampered with after creation. Which TWO features should be enabled? (Select TWO.)

Answer options:

Enable AWS CloudTrail.

Enable AWS Config.

Enable CloudTrail log file validation.

Enable S3 Object Lock in governance mode.

Enable Amazon CloudWatch Logs.

How to approach this question

Identify the service for API logging (CloudTrail) and its native feature for integrity (log file validation).

Full Answer

AWS CloudTrail records API activity. By enabling CloudTrail log file validation, AWS creates a digitally signed digest file, allowing you to verify that log files remained unchanged since CloudTrail delivered them.

Common mistakes

Choosing AWS Config instead of CloudTrail for API logging.

Question 09 All questions Question 11

Practice the full AWS SAA-C03 Practice Exam 3

65 questions · hints · full answers · grading

More questions from this exam

Q01A company stores sensitive documents in an Amazon S3 bucket. The security team requires that only...Easy Q02A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...Medium Q03A company hosts a web application on Amazon EC2 instances behind an Application Load Balancer (AL...Easy Q04A company wants to continuously monitor its AWS accounts for malicious activity and unauthorized ...Medium Q05A company needs to encrypt data at rest in Amazon RDS and manage database credentials securely. T...Medium

View all 65 questions →