Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam SOA-C02 Topic 6 Question 113 Discussion

Actual exam question for Amazon's SOA-C02 exam
Question #: 113
Topic #: 6
[All SOA-C02 Questions]

A company requires that all activity in its AWS account be logged using AWS CloudTrail. Additionally, a SysOps administrator must know when CloudTrail log files are modified or deleted.

How should the SysOps administrator meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: A

CloudTrail Log File Integrity Validation:

AWS CloudTrail provides a feature for log file integrity validation to ensure logs have not been modified or deleted.

Steps to Enable and Validate:

Enable Log File Integrity Validation:

Go to the CloudTrail Console.

Select or create a trail.

In the trail settings, enable Log file validation.

Use the AWS CLI for Validation:

Use the following CLI command:

aws cloudtrail validate-logs --trail-name <trail-name>

This command validates the digest files generated by CloudTrail against the log files.

Why Other Options Are Incorrect:

B: Using the AWS CloudTrail Processing Library is unnecessary for validation.

C: CloudTrail Insights is designed to identify unusual activity, not monitor log modifications.

D: Amazon CloudWatch Logs cannot directly monitor CloudTrail logs for integrity.


CloudTrail Log File Validation

AWS CLI Command for Validation

by Delbert at Mar 19, 2025, 01:27 PM

Limited Time Offer

25%

Off

Get Premium SOA-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Juliana
2 hours ago
D is a good choice. Using Amazon CloudWatch Logs to monitor the log files is a simple and straightforward solution.
upvoted 0 times
...
Lashawnda
5 days ago
Option C with CloudTrail Insights looks promising. Monitoring the logs for modifications directly within CloudTrail could be more efficient than using additional tools.
upvoted 0 times
...
Yolande
9 days ago
I think using CloudTrail Insights to monitor the log files for modifications could be a good approach as well.
upvoted 0 times
...
Fletcher
11 days ago
I believe option B is also a valid choice. Using the AWS CloudTrail Processing Library can help validate the log files.
upvoted 0 times
...
Svetlana
13 days ago
I agree with Annice. Using the AWS CLI to validate the log files is a good way to meet the requirements.
upvoted 0 times
...
Annice
25 days ago
I think the SysOps administrator should enable log file integrity validation.
upvoted 0 times
...
Bettina
25 days ago
I think option B is the way to go. The AWS CloudTrail Processing Library seems like the most robust and secure way to validate the log files.
upvoted 0 times
Adrianna
8 days ago
I think using the AWS CLI to validate the log files would be more efficient.
upvoted 0 times
...
Dahlia
15 days ago
I agree, option B with the AWS CloudTrail Processing Library sounds like the best choice.
upvoted 0 times
...
...

Save Cancel