Bird
0
0

You want to audit all API activity in your AWS account but exclude read-only events to reduce log volume. How should you configure CloudTrail?

hard📝 Application Q8 of 15
AWS - Advanced Security
You want to audit all API activity in your AWS account but exclude read-only events to reduce log volume. How should you configure CloudTrail?
AEnable multi-region trail without filters
BSet ReadWriteType to "WriteOnly" in event selectors
CSet IncludeManagementEvents to false
DSet ReadWriteType to "All" and filter logs later
Step-by-Step Solution
Solution:

  1. Step 1: Identify filter to exclude read-only events

    Setting ReadWriteType to "WriteOnly" filters out read-only API calls.

  2. Step 2: Understand other options

    Disabling management events excludes important logs; multi-region and "All" do not filter reads.

  3. Final Answer:

    Set ReadWriteType to "WriteOnly" in event selectors -> Option B

  4. Quick Check:

    Use WriteOnly to exclude read-only API calls = C [OK]
Quick Trick: Use WriteOnly filter to log only modifying API calls [OK]
Common Mistakes:
  • Disabling management events
  • Not using ReadWriteType filter
  • Relying on post-log filtering

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
Advanced Security - AWS Shield for DDoS protection - Quiz 2easy Architecture Best Practices - Reliability pillar principles - Quiz 1easy CloudFormation - Resources section - Quiz 8hard CloudFormation - Updating and deleting stacks - Quiz 11easy EKS - EKS cluster creation - Quiz 6medium EKS - Node groups (managed, self-managed, Fargate) - Quiz 15hard Route 53 - Failover routing for disaster recovery - Quiz 13medium Serverless Architecture - Step Functions for workflows - Quiz 5medium Serverless Architecture - Step Functions for workflows - Quiz 12easy Serverless Architecture - Lambda with API Gateway pattern - Quiz 10hard