List of questions
Related questions
Question 163 - SCS-C02 discussion
A company is using AWS Organizations to create OUs for its accounts. The company has more than 20 accounts that are all part of the OUs. A security engineer must implement a solution to ensure that no account can stop to file delivery to AWS CloudTrail.
Which solution will meet this requirement?
A.
Use the --is-multi-region-trail option while running the create-trail command to ensure that logs are configured across all AWS Regions.
B.
Create an SCP that includes a Deny rule tor the cloudtrail. StopLogging action Apply the SCP to all accounts in the OUs.
C.
Create an SCP that includes an Allow rule for the cloudtrail. StopLogging action Apply the SCP to all accounts in the OUs.
D.
Use AWS Systems Manager to ensure that CloudTrail is always turned on.
Your answer:
0 comments
Sorted by
Leave a comment first