
Explanation:
CloudTrail log file integrity validation creates a SHA-256 hash of each log file and stores it in a separate digest file. This allows verification that logs have not been tampered with or deleted, meeting the requirement efficiently.
A company is using AWS CloudTrail and wants to ensure that SysOps administrators can easily verify that the log files have not been deleted or changed. Which action should a SysOps administrator take to meet this requirement?
A. Grant administrators access to the AWS Key Management Service (AWS KMS) key used to encrypt the log files.
B. Enable CloudTrail log file integrity validation when the trail is created or updated.
C. Turn on Amazon S3 server access logging for the bucket storing the log files.
D. Configure the S3 bucket to replicate the log files to another bucket.