
Answer-first summary for fast verification
Answer: Edit the existing trail in the Organizations management account and apply it to the organization.
The correct answer is C. Editing the existing trail in the AWS Organizations management account and applying it to the organization turns it into an organization trail, which is created automatically in every member account, both existing and future, so CloudTrail logs are consistently delivered to the centralized Amazon S3 logging bucket. Managing a single trail at the organization level simplifies administration and enforces consistent logging across all accounts. Options A, B, and D do not enforce logging as comprehensively: A only creates a trail in one account and alerts after a trail is deleted or stopped; B requires deploying and maintaining a Lambda function in every account and does not cover accounts created later; D prevents existing trails from being deleted or stopped but does not create a trail in accounts that lack one.
Author: LeetQuiz Editorial Team
A company uses AWS Organizations to manage multiple AWS accounts. The security team has observed that some member accounts are not forwarding AWS CloudTrail logs to a central Amazon S3 bucket. To enforce logging across all accounts, both existing and future ones, what action should the security team take?
A
Create a new trail and configure it to send CloudTrail logs to Amazon S3. Use Amazon EventBridge to send notification if a trail is deleted or stopped.
B
Deploy an AWS Lambda function in every account to check if there is an existing trail and create a new trail, if needed.
C
Edit the existing trail in the Organizations management account and apply it to the organization.
D
Create an SCP to deny the cloudtrail:Delete* and cloudtrail:Stop* actions. Apply the SCP to all accounts.