
Answer-first summary for fast verification
Answer: Enable server access logging for all current S3 buckets. Use the audit logs S3 bucket as a destination for audit logs.

Answer A suggests enabling server access logging for all current S3 buckets and using the audit logs S3 bucket as the destination for those logs.

1. **Explanation for Answer A:**
   - **Server Access Logging:** This Amazon S3 feature provides detailed records of the requests made to a bucket. When server access logging is enabled, the logs are delivered to an S3 bucket and record the operations performed, such as GET, PUT and DELETE.
   - **Centralized Logging:** Configuring the audit logs S3 bucket, already designated for centralized logging, as the destination for these logs achieves the objective of centralized auditing. The audit logs bucket lives in the account meant for centralized logging and has a policy that allows cross-account writes, so logs can be collected from different accounts.
   - **S3 Bucket Policies:** The audit logs bucket is set up with a policy that grants write-only access specifically for logging, ensuring that logs can be added but not altered or deleted, which adheres to compliance and security requirements.
   - **Future S3 Buckets:** While this option primarily mentions current S3 buckets, applying the server access logging configuration to all new buckets can be automated through scripts or AWS CloudFormation, ensuring future compliance.

Thus, enabling server access logging and directing these logs to the centralized audit logs bucket meets the security policy requirement to log data retrieval events from S3 buckets. However, this approach may not address object-level logging as comprehensively, for all operations, as CloudTrail can.
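As an added example (not part of the LeetQuiz page), here is a small Python parser for the server access log records described above: it tokenizes the space-delimited, quoted and bracketed fields and pulls out the data-retrieval (REST.GET.OBJECT) events, flagging denied and anonymous requests. The log lines are constructed sample data; the field order follows the documented S3 server access log format.

```python
import re
from collections import Counter

# Leading fields of an S3 server access log record, in documented order.
FIELDS = ["bucket_owner", "bucket", "time", "remote_ip", "requester", "request_id",
          "operation", "key", "request_uri", "http_status", "error_code",
          "bytes_sent", "object_size", "total_time", "turn_around_time",
          "referer", "user_agent", "version_id"]

# A token is a quoted string, a bracketed timestamp, or a run of non-space characters.
TOKEN_RE = re.compile(r'"[^"]*"|\[[^\]]*\]|\S+')

# Constructed sample records (not real account ids, buckets or request ids).
SAMPLE_LOG = [
    'ownerEXAMPLE DOC-EXAMPLE-BUCKET [06/Feb/2024:10:15:01 +0000] 192.0.2.10 arn:aws:iam::111122223333:user/alice '
    'REQ1EXAMPLE REST.GET.OBJECT reports/q1.csv "GET /reports/q1.csv HTTP/1.1" 200 - 2048 2048 12 9 "-" '
    '"aws-cli/2.15.0" - hostidEXAMPLE SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader DOC-EXAMPLE-BUCKET.s3.amazonaws.com TLSv1.2',
    'ownerEXAMPLE DOC-EXAMPLE-BUCKET [06/Feb/2024:10:16:40 +0000] 192.0.2.10 arn:aws:iam::111122223333:user/alice '
    'REQ2EXAMPLE REST.PUT.OBJECT reports/q2.csv "PUT /reports/q2.csv HTTP/1.1" 200 - - 4096 20 15 "-" '
    '"aws-cli/2.15.0" - hostidEXAMPLE SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader DOC-EXAMPLE-BUCKET.s3.amazonaws.com TLSv1.2',
    'ownerEXAMPLE DOC-EXAMPLE-BUCKET [06/Feb/2024:10:20:05 +0000] 198.51.100.7 - '
    'REQ3EXAMPLE REST.GET.OBJECT secrets/keys.json "GET /secrets/keys.json HTTP/1.1" 403 AccessDenied - 512 8 - "-" '
    '"curl/8.4.0" - hostidEXAMPLE - - - DOC-EXAMPLE-BUCKET.s3.amazonaws.com TLSv1.2',
    'ownerEXAMPLE DOC-EXAMPLE-BUCKET2 [06/Feb/2024:10:21:30 +0000] 192.0.2.11 arn:aws:iam::111122223333:user/bob '
    'REQ4EXAMPLE REST.GET.OBJECT exports/dump.bin "GET /exports/dump.bin HTTP/1.1" 200 - 1048576 1048576 300 4 "-" '
    '"Boto3/1.34.0" - hostidEXAMPLE SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader DOC-EXAMPLE-BUCKET2.s3.amazonaws.com TLSv1.2',
]

def parse_record(line):
    """Split one access log line into a dict keyed by FIELDS; trailing fields go in 'extra'."""
    tokens = [t.strip('"[]') for t in TOKEN_RE.findall(line)]
    rec = dict(zip(FIELDS, tokens))
    rec["extra"] = tokens[len(FIELDS):]
    return rec

def retrieval_events(lines):
    """Return only the records that retrieved object data (REST.GET.OBJECT)."""
    return [r for r in map(parse_record, lines) if r["operation"] == "REST.GET.OBJECT"]

def summarize(lines):
    """Count retrievals overall, denied (403) and anonymous ('-' requester) ones, and per bucket."""
    recs = retrieval_events(lines)
    return {
        "retrievals": len(recs),
        "denied": sum(1 for r in recs if r["http_status"] == "403"),
        "anonymous": sum(1 for r in recs if r["requester"] == "-"),
        "by_bucket": Counter(r["bucket"] for r in recs),
    }
```

Running `summarize` over the delivered log objects gives the per-bucket view of who read what, and the denied/anonymous counters are the rows worth alerting on.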
Author: LeetQuiz Editorial Team
A company has a new security policy. The policy requires the company to log any event that retrieves data from Amazon S3 buckets. The company must save these audit logs in a dedicated S3 bucket. The company created the audit logs S3 bucket in an AWS account that is designated for centralized logging. The S3 bucket has a bucket policy that allows write-only cross-account access. A solutions architect must ensure that all S3 object-level access is being logged for current S3 buckets and future S3 buckets. Which solution will meet these requirements?
A. Enable server access logging for all current S3 buckets. Use the audit logs S3 bucket as a destination for audit logs.
B. Enable replication between all current S3 buckets and the audit logs S3 bucket. Enable S3 Versioning in the audit logs S3 bucket.
C. Configure S3 Event Notifications for all current S3 buckets to invoke an AWS Lambda function every time objects are accessed. Store Lambda logs in the audit logs S3 bucket.
D. Enable AWS CloudTrail, and use the audit logs S3 bucket to store logs. Enable data event logging for S3 event sources, current S3 buckets, and future S3 buckets.