ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 163 - SCS-C02 discussion

Report
Export

A company is using AWS Organizations to create OUs for its accounts. The company has more than 20 accounts that are all part of the OUs. A security engineer must implement a solution to ensure that no account can stop to file delivery to AWS CloudTrail.

Which solution will meet this requirement?

A.
Use the --is-multi-region-trail option while running the create-trail command to ensure that logs are configured across all AWS Regions.
Answers
A.
Use the --is-multi-region-trail option while running the create-trail command to ensure that logs are configured across all AWS Regions.
B.
Create an SCP that includes a Deny rule tor the cloudtrail. StopLogging action Apply the SCP to all accounts in the OUs.
Answers
B.
Create an SCP that includes a Deny rule tor the cloudtrail. StopLogging action Apply the SCP to all accounts in the OUs.
C.
Create an SCP that includes an Allow rule for the cloudtrail. StopLogging action Apply the SCP to all accounts in the OUs.
Answers
C.
Create an SCP that includes an Allow rule for the cloudtrail. StopLogging action Apply the SCP to all accounts in the OUs.
D.
Use AWS Systems Manager to ensure that CloudTrail is always turned on.
Answers
D.
Use AWS Systems Manager to ensure that CloudTrail is always turned on.
Suggested answer: B

Explanation:

This SCP prevents users or roles in any affected account from disabling a CloudTrail log, either directly as a command or through the console. https://asecure.cloud/a/scp_cloudtrail/

asked 16/09/2024
Asif Khan
42 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first