Logging Solution for AWS Account Security | Best Practices for Event Logging | AWS Certified Advanced Networking - Specialty Exam

Logging Solution for AWS Account Security

Prev Question Next Question

Question

Due to a lot of your EC2 services going off line at least once a week for no apparent reason your security officer has told you that you need to tighten up the logging of all events that occur on your AWS account.

He wants to be able to access all events that occur on the account across all regions quickly and in the simplest way possible.

He also wants to make sure he is the only person that has access to these events in the most secure way possible.

Which of the following would be the best solution to assure his requirements are met?Choose the correct answer from the options below.

Answers

A. Use CloudTrail to log all events to a separate S3 bucket in each region as CloudTrail cannot write to a bucket in a different region. Use MFA and bucket policies on all the different buckets.

B. Use CloudTrail to send all API calls to CloudWatch and send an email to the security officer every time an API call is made. Make sure the emails are encrypted.

C. Use CloudTrail to log all events to one S3 bucket. Make this S3 bucket only accessible by your security officer with a bucket policy that restricts access to his user only and also add MFA to the policy for a further level of security.

D. Use CloudTrail to log all events to an Amazon Glacier Vault. Make sure the vault access policy only grants access to the security officer`s IP address.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Answer - C.

Option B is invalid because you need Cloudtrail to monitor API calls and not send calls.

Option A is invalid because its not ideal to have different buckets for access to the one security officer.

And you can have Cloudtrail deliver log calls to one S3 bucket.

Option D is wrong because Glacier is not the ideal option for retrieval for the security officier.

For more information on Cloudtrail please see the below link:

https://aws.amazon.com/cloudtrail/

The best solution to meet the security officer's requirements would be to use CloudTrail to log all events to one S3 bucket and restrict access to the security officer only with a bucket policy that includes MFA.

Option A is incorrect because CloudTrail can write to an S3 bucket in a different region, so creating separate buckets for each region is unnecessary. This solution would also require the security officer to have access to multiple buckets, making it more difficult to manage.

Option B is incorrect because sending an email for every API call would generate a large number of emails and would not be an efficient way for the security officer to access the events. Also, email encryption does not necessarily provide the most secure way of access.

Option C is the best solution because it logs all events in one S3 bucket and restricts access to the security officer only. The bucket policy adds an extra layer of security by ensuring that no other user can access the events. Using MFA for the security officer adds an additional layer of security to protect against unauthorized access.

Option D is incorrect because storing logs in an Amazon Glacier vault is not an efficient way to access logs quickly. Additionally, the solution would only work if the security officer always accesses the logs from a specific IP address, which is not practical in most cases.

Therefore, the best solution would be to use CloudTrail to log all events to one S3 bucket and restrict access to the security officer only with a bucket policy that includes MFA.

Prev Question Next Question