Amazon Exam SOA-C02 Topic 6 Question 113 Discussion

Actual exam question for Amazon's SOA-C02 exam
Question #: 113
Topic #: 6

A company requires that all activity in its AWS account be logged using AWS CloudTrail. Additionally, a SysOps administrator must know when CloudTrail log files are modified or deleted.

How should the SysOps administrator meet these requirements?

Suggested Answer: A

CloudTrail Log File Integrity Validation:

AWS CloudTrail provides a log file integrity validation feature that lets you determine whether a log file was modified, deleted, or left unchanged after CloudTrail delivered it.

Steps to Enable and Validate:

Enable Log File Integrity Validation:

Go to the CloudTrail Console.

Select or create a trail.

In the trail settings, enable Log file validation.

Use the AWS CLI for Validation:

Use the following CLI command:

aws cloudtrail validate-logs --trail-arn <trail-arn> --start-time <start-time>

This command checks the delivered log files against the digest files that CloudTrail generates and reports any log file that was modified or deleted.
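How a digest-based check tells a modified log file from a deleted one, as an added Python example that is not part of the original page and not the AWS CLI's own code. It compares the SHA-256 values in a digest's logFiles entries with the stored objects and assumes the digest file itself has already been verified; the bucket dictionary, object keys and account ID are constructed sample data.

```python
import gzip
import hashlib
import json
import zlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_against_digest(digest: dict, bucket: dict) -> dict:
    """Classify each log file listed in a digest as valid, modified or deleted.

    `bucket` is a constructed stand-in for S3: object key -> gzip bytes.
    The hash is taken over the uncompressed log content.
    """
    results = {}
    for entry in digest["logFiles"]:
        key = entry["s3Object"]
        blob = bucket.get(key)
        if blob is None:
            results[key] = "deleted"
            continue
        try:
            actual = sha256_hex(gzip.decompress(blob))
        except (OSError, EOFError, zlib.error):  # object is no longer valid gzip
            results[key] = "modified"
            continue
        results[key] = "valid" if actual == entry["hashValue"] else "modified"
    return results


def build_demo():
    """Constructed sample data: three log files and a digest that covers them."""
    names = ["ConsoleLogin", "DescribeInstances", "PutObject"]
    logs = {
        f"AWSLogs/111122223333/CloudTrail/us-east-1/log{i}.json.gz":
            json.dumps({"Records": [{"eventName": n}]}).encode()
        for i, n in enumerate(names)
    }
    bucket = {k: gzip.compress(v) for k, v in logs.items()}
    digest = {"logFiles": [
        {"s3Object": k, "hashValue": sha256_hex(v), "hashAlgorithm": "SHA-256"}
        for k, v in logs.items()
    ]}
    return digest, bucket


if __name__ == "__main__":
    digest, bucket = build_demo()
    keys = sorted(bucket)
    bucket[keys[1]] = gzip.compress(b'{"Records": []}')  # simulate an edited log
    del bucket[keys[2]]                                  # simulate a removed log
    for key, status in check_against_digest(digest, bucket).items():
        print(f"{status:8} {key}")
```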

Why Other Options Are Incorrect:

B: Using the AWS CloudTrail Processing Library is unnecessary for validation.

C: CloudTrail Insights is designed to identify unusual activity, not monitor log modifications.

D: Amazon CloudWatch Logs cannot directly monitor CloudTrail logs for integrity.



Contribute your Thoughts:

Stanford
1 month ago
I'm pretty sure the correct answer is E) Hire a team of monkeys to watch the logs 24/7. They'll let you know if anything suspicious happens.
upvoted 0 times
Christiane
27 days ago
B) Enable log file integrity validation. Use the AWS CloudTrail Processing Library to validate the log files.
upvoted 0 times
...
Franklyn
1 month ago
A) Enable log file integrity validation. Use the AWS CLI to validate the log files.
upvoted 0 times
...
...
Bulah
1 month ago
Wait, are we supposed to be validating the logs or creating them? I'm so confused, I might just go with option A and use the AWS CLI.
upvoted 0 times
Devon
13 days ago
I agree, let's go with option A and enable log file integrity validation.
upvoted 0 times
...
Stefanie
27 days ago
Option A sounds like a good choice. Using the AWS CLI should make it easier to validate the log files.
upvoted 0 times
...
...
Juliana
2 months ago
D is a good choice. Using Amazon CloudWatch Logs to monitor the log files is a simple and straightforward solution.
upvoted 0 times
...
Lashawnda
2 months ago
Option C with CloudTrail Insights looks promising. Monitoring the logs for modifications directly within CloudTrail could be more efficient than using additional tools.
upvoted 0 times
...
Yolande
2 months ago
I think using CloudTrail Insights to monitor the log files for modifications could be a good approach as well.
upvoted 0 times
...
Fletcher
2 months ago
I believe option B is also a valid choice. Using the AWS CloudTrail Processing Library can help validate the log files.
upvoted 0 times
...
Svetlana
2 months ago
I agree with Annice. Using the AWS CLI to validate the log files is a good way to meet the requirements.
upvoted 0 times
...
Annice
2 months ago
I think the SysOps administrator should enable log file integrity validation.
upvoted 0 times
...
Bettina
2 months ago
I think option B is the way to go. The AWS CloudTrail Processing Library seems like the most robust and secure way to validate the log files.
upvoted 0 times
Darnell
1 month ago
I prefer option D, using Amazon CloudWatch Logs to monitor the log files.
upvoted 0 times
...
Adrianna
2 months ago
I think using the AWS CLI to validate the log files would be more efficient.
upvoted 0 times
...
Dahlia
2 months ago
I agree, option B with the AWS CloudTrail Processing Library sounds like the best choice.
upvoted 0 times
...
...