Answer-first summary for fast verification
Answer: Initiate a new CloudTrail trail in the organization's management account and configure it to record all events for every account in the organization.
Option B is the correct answer because creating a new CloudTrail trail in the organization's management account and configuring it to log all events for all AWS accounts in the organization provides a centralized and efficient way to manage CloudTrail trails. This approach ensures that all accounts within the organization are monitored without the need to create and manage individual trails in each account. Additionally, it simplifies the setup and ongoing management while ensuring consistency and compliance across the organization.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A company is transitioning from an on-premises data center to the AWS Cloud and intends to utilize multiple AWS accounts managed through AWS Organizations. Initially, a few accounts will be set up, with more being added as required. A solutions architect is tasked with ensuring AWS CloudTrail is activated across all accounts. What is the most operationally efficient solution to achieve this?
A
Develop an AWS Lambda function to establish a new CloudTrail trail in every account within the organization. Schedule this Lambda function to run daily via a scheduled action in Amazon EventBridge.
B
Initiate a new CloudTrail trail in the organization's management account and configure it to record all events for every account in the organization.
C
Set up a new CloudTrail trail in each account within the organization. Automatically create new trails when additional accounts are added. Implement a Service Control Policy (SCP) to prevent the deletion or modification of trails and apply this SCP to the root Organizational Unit (OU).
D
Create an AWS Systems Manager Automation runbook to set up a CloudTrail trail in all accounts within the organization. Execute this automation using Systems Manager State Manager.
No comments yet.