Which of the following are true regarding AWS CloudTrail?

Which of the following are true regarding AWS CloudTrail? Choose 3 answers

A. CloudTrail is enabled globally

B. CloudTrail is enabled by default

C. CloudTrail is enabled on a per-region basis

D. CloudTrail is enabled on a per-service basis.

E. Logs can be delivered to a single Amazon S3 bucket for aggregation.

F. CloudTrail is enabled for all available services within a region.

G. Logs can only be processed and delivered to the region in which they are generated.

Explanation:

http://aws.amazon.com/cloudtrail/faqs/





Sam

I couldn’t find docs that say how to enable CloudTrail for each service. A seems reasonable as you will get trail logs for all supported services once it’s turned on. I could be wrong.

Joe

Funky question. You have the option to enable all regions globally or per region basis.

TONY

Exactly. This question is ridiculous.

Arun Kumar

ACE, even I couldn’t find docs for enabling it for each service. Please explain about D and give a reference for that.

Kelvin Wong

I will say CDE.

Answer A is only correct if it says “CloudTrail CAN BE enabled globally” instead of “is enabled globally”, which is incorrect because when you go and turn on CloudTrail, you have the option to select “all regions”; it’s not the default.

mr_tienvu

I have the same idea. ACE

muthu

ACE seems correct. Once it is enabled, it will capture all API queries, not based on service. It will be applicable to all listed services.

TechMinded

A: By default, CloudTrail delivers API calls for global services in every region.

C: (implicit in answer A)

E: CloudTrail will deliver the digest files across all regions and multiple accounts into the same Amazon S3 bucket.

kamleshj

ACE

A: have a trail with the Apply trail to all regions option enabled.
C: have multiple single region trails.
E: Log files from all the regions can be delivered to a single S3 bucket

Global service events are always delivered to trails that have the Apply trail to all regions option enabled. Events are delivered from a single region to the bucket for the trail. This setting cannot be changed.
If you have a single region trail, you should enable the Include global services option.
If you have multiple single region trails, you should enable the Include global services option in only one of the trails.

D Incorrect : once enabled it is applicable for all the supported services, service can’t be selected
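The trail rules quoted in the comment above can be checked mechanically. The following is an added example, not part of any commenter's post: it audits trail settings for region coverage, global service event delivery and log aggregation. The field names follow the CloudTrail DescribeTrails response; the function name, region list, trail names and bucket name are constructed assumptions.

```python
# Added example: audit trail settings against the rules quoted in the comment above.
# Trail dicts use the field names of the CloudTrail DescribeTrails response;
# every value below is constructed sample data, not output from a real account.

def audit_trails(trails, regions):
    """Report region coverage, global-service-event delivery and log buckets."""
    multi = [t for t in trails if t.get("IsMultiRegionTrail")]
    single = [t for t in trails if not t.get("IsMultiRegionTrail")]

    # An all-regions trail covers every region; otherwise only home regions are logged.
    covered = set(regions) if multi else {t["HomeRegion"] for t in single}

    # All-regions trails always receive global service events; single-region
    # trails receive them only when IncludeGlobalServiceEvents is set.
    receivers = [t["Name"] for t in multi]
    receivers += [t["Name"] for t in single if t.get("IncludeGlobalServiceEvents")]
    if not receivers:
        global_events = "missing"      # IAM/STS-style activity is not logged
    elif len(receivers) == 1:
        global_events = "ok"
    else:
        global_events = "duplicated"   # the same global event lands in several trails

    return {
        "uncovered_regions": sorted(set(regions) - covered),
        "global_events": global_events,
        "global_event_trails": sorted(receivers),
        "buckets": sorted({t["S3BucketName"] for t in trails}),
    }

REGIONS = ["us-east-1", "eu-west-1", "ap-southeast-2"]  # assumed region list
BUCKET = "example-org-trail-logs"                        # placeholder bucket name

# Two single-region trails, both including global services, one shared bucket.
PER_REGION = [
    {"Name": "trail-use1", "HomeRegion": "us-east-1", "IsMultiRegionTrail": False,
     "IncludeGlobalServiceEvents": True, "S3BucketName": BUCKET},
    {"Name": "trail-euw1", "HomeRegion": "eu-west-1", "IsMultiRegionTrail": False,
     "IncludeGlobalServiceEvents": True, "S3BucketName": BUCKET},
]
# One trail with "Apply trail to all regions" enabled.
ALL_REGIONS = [
    {"Name": "org-trail", "HomeRegion": "us-east-1", "IsMultiRegionTrail": True,
     "IncludeGlobalServiceEvents": True, "S3BucketName": BUCKET},
]

if __name__ == "__main__":
    print(audit_trails(PER_REGION, REGIONS))
    print(audit_trails(ALL_REGIONS, REGIONS))
```

For the per-region sample the audit reports an unlogged region and duplicated global events while still showing a single aggregation bucket; the all-regions sample reports full coverage.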

CM

Answer is EFG.

Reason is

You can create two types of trails:

A trail that applies to all regions – When you create a trail that applies to all regions, CloudTrail creates the same trail in each region, records the log files in each region, and delivers the log files to the single S3 bucket (and optionally to the CloudWatch Logs log group) that you specify. This is the default option when you create a trail using the CloudTrail console. If you choose to receive Amazon SNS notifications for log file deliveries, one SNS topic will suffice for all regions. If you choose to have CloudTrail send events from a trail that applies to all regions to a CloudWatch Logs log group, events from all regions will be sent to the single log group.

A trail that applies to one region – You specify a bucket that receives events only from that region. The bucket can be in any region that you specify. If you create additional individual trails that apply to specific regions, you can have those trails deliver event logs to a single S3 bucket.

swagata mondal

ACE
B - CloudTrail is enabled by default: false
D - CloudTrail is enabled on a per-service basis. – It’s not; it’s available on a region basis.
F - CloudTrail is enabled for all available services within a region. – It’s enabled only for CloudTrail-supported services.
G - Logs can only be processed and delivered to the region in which they are generated. – Logs can only be processed in the same region, but they can be delivered to an S3 bucket in any region.

PM

ADE I believe. It’s applied at global level, per service, and logs can be delivered to a single Amazon S3 bucket for aggregation.

Ryan

A – Can be true
B – False
C – Always True
D – False
E – Always True
F – False

ACE

mutiger91

If “Can be true” is a reason for selecting, then B also “can be true”. CloudTrail is enabled by default for the US GovCloud region.

I do think you accurately captured the intent of the person who wrote the question, but the above is why my initial read was that A and C conflict.

Ashebrethafe

CEF

B is wrong – CloudTrail is not enabled by default; it must be enabled manually.

A and C contradict each other – C says you can choose which regions to enable CloudTrail for, while A says you have to enable it for all regions. The former is correct.

D and F contradict each other – D says you can choose which services to enable CloudTrail for, while F says you have to enable it for all services for which it is available. The latter is correct.

E and G contradict each other – E says all regions can send their logs to the same bucket, while G says each region has to have its own log bucket. The former is correct.

Kalyan Garlapati

A and C are not contradicting each other. It is the user’s choice. He/She can enable CloudTrail for a specific region or all regions. Both of them are correct.

F is NOT correct because CloudTrail is not available for ALL services in AWS. Please check https://www.amazonaws.cn/en/cloudtrail/faqs/

ACE is the right answer.

WildCoder

My answer is ACE

lyannabear

Answer is ACE

Most of the answers at the top are wrong. I’ve gone through the trouble of correcting all 400 of them for my own study purposes. If you would like a digital copy of this dump please send $40 to paypal.me/lyannabear