A customer wants to track access to their Amazon Simple Storage Service (S3) buckets and also use this
information for their internal security and access audits. Which of the following will meet the Customer
requirement?
A.
Enable AWS CloudTrail to audit all Amazon S3 bucket access.
B.
Enable server access logging for all required Amazon S3 buckets.
C.
Enable the Requester Pays option to track access via AWS Billing
D.
Enable Amazon S3 event notifications for Put and Post.
Explanation:
http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html
http://docs.aws.amazon.com/AmazonS3/latest/dev/cloudtrail-logging.html
Why is A wrong?
Cloudtrail provided API level access logging. Not user logging.
B
http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html
This is tricky b/c you would think A but it is B
B.
Enable server access logging for all required Amazon S3 buckets.