ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 256 - DOP-C01 discussion

Report
Export

Your CTO thinks your AWS account was hacked. What is the only way to know for certain if there was unauthorized access and what they did, assuming your hackers are very sophisticated AWS engineers and doing everything they can to cover their tracks?

A.
Use CloudTrail Log File Integrity Validation.
Answers
A.
Use CloudTrail Log File Integrity Validation.
B.
Use AWS Config SNS Subscriptions and process events in real time.
Answers
B.
Use AWS Config SNS Subscriptions and process events in real time.
C.
Use CloudTrail backed up to AWS S3 and Glacier.
Answers
C.
Use CloudTrail backed up to AWS S3 and Glacier.
D.
Use AWS Config Timeline forensics.
Answers
D.
Use AWS Config Timeline forensics.
Suggested answer: A

Explanation:

You must use CloudTrail Log File Validation (default or custom implementation), as any other tracking method is subject to forgery in the event of a full account compromise by sophisticated enough hackers. Validated log files are invaluable in security and forensic investigations. For example, a validated log file enables you to assert positively that the log file itself has not changed, or that particular user credentials performed specific API activity. The CloudTrail log file integrity validation process also lets you know if a log file has been deleted or changed, or assert positively that no log files were delivered to your account during a given period of time.

Reference: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html

asked 16/09/2024
Amin Dashti
51 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first