AWS CloudTrail Logging: Segregating Data and Management Events

Question

A company wants to use CloudTrail for logging all API activity.

They want to segregate the logging of data events and management events.

How can this be achieved? Choose 2 answers from the options given below.

Answers

Explanations


Answer: B and C.

Option A is incorrect because you have to create a trail and not a log group.

Option B is CORRECT because you can configure multiple trails differently so that the trails process and log only the events that you specify.

For example, one trail can be configured to log only management events and deliver all of them to a single S3 bucket.

Option C is CORRECT because CloudTrail can be configured to log management events or data events so that different events are delivered to separate S3 buckets.

Option D is incorrect because you have to create a trail and not a log group.

For more information on managing events with CloudTrail, kindly refer to the following URL:

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html

The correct answers are B and C.

Explanation: AWS CloudTrail is a service that logs all the API activity within an AWS account. It provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.

In order to segregate the logging of data events and management events, we need to create two separate trails, one for data events and another for management events. The trails should be configured to log the respective events to separate S3 buckets.

Here is a detailed explanation of the correct answers:

B. Create one trail that logs data events to an S3 bucket: Creating a trail that logs data events to an S3 bucket is the first step in segregating data events from management events. Data events are AWS service events that can be classified as data plane operations, such as S3 object-level API operations or Lambda function invocations. When you create a trail to log data events, you need to specify the S3 bucket where the trail data will be stored. You can also choose to enable Amazon SNS notifications for the trail.

C. Create another trail that logs management events to another S3 bucket: Creating another trail that logs management events to another S3 bucket is the second step in segregating data events from management events. Management events are AWS service events that can be classified as control plane operations, such as AWS Management Console sign-ins or API calls to create or modify AWS resources. When you create a trail to log management events, you need to specify the S3 bucket where the trail data will be stored. You can also choose to enable Amazon SNS notifications for the trail.

A and D are not correct answers because creating separate CloudTrail log groups for data and management events will not segregate the logs into separate buckets. Each trail delivers its log files to a single S3 bucket, so segregation is achieved by configuring separate trails that log either data events or management events to different S3 buckets.
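As an added example (not part of the original question, and not AWS's own code), here are the event selectors for the two trails described in B and C, together with a small audit that checks whether a set of trails is actually segregated: no trail logs both categories, no bucket is shared, and each category is covered. Trail and bucket names are constructed placeholders; the selector shape follows the CloudTrail `get-event-selectors` / `put-event-selectors` documents.

```python
"""Event selectors that keep management and data events on separate trails,
plus an audit over trail configurations (constructed sample data)."""
import json

# Trail for option C: management events only (no DataResources).
MANAGEMENT_ONLY = [{
    "ReadWriteType": "All",
    "IncludeManagementEvents": True,
    "DataResources": [],
}]

# Trail for option B: S3 object-level data events only, for every bucket in
# the account (the prefix ARN "arn:aws:s3:::" matches all S3 objects).
DATA_ONLY = [{
    "ReadWriteType": "All",
    "IncludeManagementEvents": False,
    "DataResources": [{"Type": "AWS::S3::Object", "Values": ["arn:aws:s3:::"]}],
}]


def classify(selectors):
    """Return the set of event categories a trail's selectors will log.
    IncludeManagementEvents is treated as True when absent, as CloudTrail does."""
    kinds = set()
    for sel in selectors:
        if sel.get("IncludeManagementEvents", True):
            kinds.add("management")
        if sel.get("DataResources"):
            kinds.add("data")
    return kinds


def audit_segregation(trails):
    """trails: {trail_name: {"s3_bucket": str, "selectors": [...]}}.
    Returns a list of findings; an empty list means the layout is segregated."""
    findings, buckets, covered = [], {}, set()
    for name, trail in trails.items():
        kinds = classify(trail["selectors"])
        covered |= kinds
        if len(kinds) > 1:
            findings.append(f"{name}: logs both management and data events")
        elif not kinds:
            findings.append(f"{name}: logs no events")
        buckets.setdefault(trail["s3_bucket"], []).append(name)
    for bucket, names in buckets.items():
        if len(names) > 1:
            findings.append(f"bucket {bucket} shared by trails {sorted(names)}")
    findings += [f"no trail logs {k} events" for k in ("management", "data") if k not in covered]
    return findings


# Constructed sample: the two-trail layout from answers B and C.
SAMPLE_TRAILS = {
    "mgmt-trail": {"s3_bucket": "example-mgmt-logs", "selectors": MANAGEMENT_ONLY},
    "data-trail": {"s3_bucket": "example-data-logs", "selectors": DATA_ONLY},
}

if __name__ == "__main__":
    print(json.dumps(DATA_ONLY))
    print(audit_segregation(SAMPLE_TRAILS) or "segregated")
```

Each selector list is the JSON you would pass to `aws cloudtrail put-event-selectors --trail-name <trail> --event-selectors '<json>'` after creating the trail with its own `--s3-bucket-name`; feeding the audit with real `get-event-selectors` output turns it into a configuration check.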