A company uses AWS Organizations to manage multiple AWS accounts. The security team has observed that some member accounts are not forwarding AWS CloudTrail logs to a central Amazon S3 bucket. To enforce logging across all accounts, both existing and future ones, what actions should the security team take?
Explanation:
The correct answer is C. Editing the existing trail in the AWS Organizations management account and applying it to the organization ensures that all member accounts, both existing and future, have a trail configured. This way, CloudTrail logs will consistently be sent to the centralized Amazon S3 logging bucket. Creating a trail at the organization level simplifies management and ensures compliance across all accounts. Options A, B, and D do not guarantee the enforcement of logging configurations across all member accounts in the same comprehensive manner.