When AWS CloudTrail records API activity, how soon after an API call is the event typically delivered to the S3 bucket configured as the trail's destination?
Think about how logs are usually processed and delivered in cloud services.
CloudTrail delivers recorded API events to the configured S3 bucket within a few minutes, typically less than 15 minutes after the API call. It is not real-time but near real-time.
What is the purpose of enabling log file integrity validation in AWS CloudTrail?
Think about how to ensure logs remain trustworthy after they are saved.
Log file integrity validation helps verify that the log files have not been changed or deleted after CloudTrail delivered them to the S3 bucket, ensuring the logs' trustworthiness.
You need to audit API activity across multiple AWS regions for compliance. Which CloudTrail setup ensures all regions are covered and logs are consolidated in one S3 bucket?
Consider how CloudTrail can be configured to cover all regions with minimal setup.
A single multi-region trail records API activity in all AWS regions and delivers logs to one S3 bucket, simplifying management and ensuring full coverage.
Which combination of settings best protects CloudTrail logs stored in S3 from unauthorized access?
Think about how to keep logs confidential and prevent unauthorized viewing or tampering.
Encrypting logs with AWS KMS and restricting bucket access ensure logs are protected from unauthorized access and tampering.
Which statement correctly describes the difference between management events and data events in AWS CloudTrail?
Think about what kinds of actions happen at the resource level versus the management level.
Management events capture control plane operations like creating or deleting resources. Data events capture resource-level operations such as reading or writing S3 objects or invoking Lambda functions.