Bird
0
0

If a CloudTrail trail is configured with an event selector filtering only S3 data events, which of the following will be logged?

medium📝 service behavior Q5 of 15
AWS - Advanced Security
If a CloudTrail trail is configured with an event selector filtering only S3 data events, which of the following will be logged?
AAPI calls to S3 bucket objects
BAPI calls to EC2 instance launches
CIAM user login events
DCloudWatch alarm state changes
Step-by-Step Solution
Solution:

  1. Step 1: Understand event selectors for data events

    Filtering for S3 data events logs API calls that access or modify S3 objects.

  2. Step 2: Exclude other service events

    EC2 launches, IAM logins, and CloudWatch alarms are not S3 data events and won't be logged.

  3. Final Answer:

    API calls to S3 bucket objects -> Option A

  4. Quick Check:

    S3 data events filter logs S3 object API calls = A [OK]
Quick Trick: S3 data events log object-level API calls only [OK]
Common Mistakes:
  • Expecting EC2 or IAM events
  • Confusing data events with management events

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
Advanced Security - AWS Shield for DDoS protection - Quiz 2easy Architecture Best Practices - Reliability pillar principles - Quiz 1easy CloudFormation - Resources section - Quiz 8hard CloudFormation - Updating and deleting stacks - Quiz 11easy EKS - EKS cluster creation - Quiz 6medium EKS - Node groups (managed, self-managed, Fargate) - Quiz 15hard Route 53 - Failover routing for disaster recovery - Quiz 13medium Serverless Architecture - Step Functions for workflows - Quiz 5medium Serverless Architecture - Step Functions for workflows - Quiz 12easy Serverless Architecture - Lambda with API Gateway pattern - Quiz 10hard