
Explanation:
The correct answer is D. To encrypt the log data in an existing Amazon CloudWatch Logs log group with the least effort, use the AWS CLI command 'aws logs associate-kms-key' and specify the KMS key's Amazon Resource Name (ARN). This command associates a KMS key with an existing log group, enabling encryption for future log data without having to recreate the log group or manually encrypt and decrypt the data.
A developer needs to encrypt log data in an existing Amazon CloudWatch Logs log group using AWS KMS to meet security policies. What is the least effort solution to enable encryption for future data?
A. Implement AWS Encryption SDK for pre-logging data encryption and decryption.
B. Associate a KMS key with the log group using the AWS KMS console.
C. Specify a KMS key ARN when creating a log group with the AWS CLI.
D. Associate a KMS key with the existing log group using the AWS CLI.