A financial services company offers a software-as-a-service (SaaS) platform for application compliance to large global banks. This SaaS platform operates on AWS and utilizes multiple AWS accounts managed within an AWS Organizations setup. The platform leverages numerous AWS resources across various regions. To comply with regulatory standards, all API calls made to these AWS resources must be audited, tracked for any modifications, and securely stored in a durable data repository. What is the most efficient solution that minimizes operational overhead while fulfilling these compliance requirements?

Exam-Like

Establish a new AWS CloudTrail trail. Utilize an existing Amazon S3 bucket within the organization's management account for log storage. Extend the trail deployment across all AWS Regions. Activate MFA delete and encryption features on the S3 bucket.

16.7%

Initiate a new AWS CloudTrail trail in every member account of the organization. Create distinct Amazon S3 buckets for log storage in each account. Extend the trail deployment across all AWS Regions. Activate MFA delete and encryption features on the S3 buckets.

0.0%

Set up a new AWS CloudTrail trail within the organization's management account. Create a new Amazon S3 bucket with versioning enabled for log storage. Extend the trail deployment to encompass all accounts within the organization. Activate MFA delete and encryption features on the S3 bucket.

50.0%

Deploy a new AWS CloudTrail trail within the organization's management account. Create a new Amazon S3 bucket for log storage. Configure Amazon Simple Notification Service (Amazon SNS) to dispatch log-file delivery notifications to an external management system responsible for tracking the logs. Activate MFA delete and encryption features on the S3 bucket.

33.3%

AWS Certified Solutions Architect - Professional

Get started today

Comments