A company is setting up individual child accounts within AWS Organizations for each of its DevOps teams. AWS CloudTrail is configured across all accounts to log audit events to a centralized Amazon S3 bucket in a designated AWS account. A security engineer must ensure that DevOps team members cannot alter or disable this CloudTrail configuration. What measures can the security engineer implement to achieve this? | AWS Certified Security - Specialty Quiz