A company wants to use Cloudtrail for logging all API activity. They want to segregate the logging of data events and management events.
How can this be achieved? Choose 2 answers from the options given below
A . Create one Cloudtrail log group for data events
B . Create one trail that logs data events to an S3 bucket
C . Create another trail that logs management events to another S3 bucket
D . Create another Cloudtrail log group for management events
Answer: B,C
Explanation:
The AWS Documentation mentions the following
You can configure multiple trails differently so that the trails process and log only the events that you specify. For example, one trail can log read-only data and management events, so that all read-only events are delivered to one S3 bucket. Another trail can log only write-only data and management events, so that all write-only events are delivered to a separate S3 bucket
Options A and D are invalid because you have to create a trail and not a log group
For more information on managing events with cloudtrail, please visit the following URL: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/loHEing-manasement-and-data-events-with-cloudtrai
The correct answers are: Create one trail that logs data events to an S3 bucket. Create another trail that logs management events to another S3 bucket Submit your Feedback/Queries to our Experts
Leave a Reply