{"id":37,"date":"2021-01-04T08:08:36","date_gmt":"2021-01-04T08:08:36","guid":{"rendered":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/aws-certified-security-specialty-scs-c01-question030\/"},"modified":"2021-01-04T08:08:36","modified_gmt":"2021-01-04T08:08:36","slug":"aws-certified-security-specialty-scs-c01-question030","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/aws-certified-security-specialty-scs-c01-question030\/","title":{"rendered":"AWS Certified Security &#8211; Specialty SCS-C01 &#8211; Question030"},"content":{"rendered":"<div class=\"question\">A Security Administrator is performing a log analysis as a result of a suspected AWS account compromise. The Administrator wants to analyze suspicious AWS CloudTrail log files but is overwhelmed by the volume of audit logs being generated.<br \/>\nWhat approach enables the Administrator to search through the logs MOST efficiently? <br \/><strong><br \/>A.<\/strong> Implement a \u201cwrite-only\u201d CloudTrail event filter to detect any modifications to the AWS account resources. <br \/><strong>B.<\/strong> Configure Amazon Macie to classify and discover sensitive data in the Amazon S3 bucket that contains the CloudTrail audit logs. <br \/><strong>C.<\/strong> Configure Amazon Athena to read from the CloudTrail S3 bucket and query the logs to examine account activities. 
<br \/><strong>D.<\/strong> Enable Amazon S3 event notifications to trigger an AWS Lambda function that sends an email alarm when there are new CloudTrail API entries.<\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\">\n<div class=\"answer\">Correct Answer: <strong>C<\/strong><\/div>\n<p><strong>Explanation:<\/strong> <\/p>\n<div class=\"explanation\">\nReference: <a href=\"https:\/\/docs.aws.amazon.com\/athena\/latest\/ug\/cloudtrail-logs.html\" title=\"External link\" rel=\"nofollow noopener\" target=\"_blank\">https:\/\/docs.aws.amazon.com\/athena\/latest\/ug\/cloudtrail-logs.html<\/a><\/div>\n<\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>A Security Administrator is performing a log analysis as a result of a suspected AWS account compromise. The Administrator wants to analyze suspicious AWS CloudTrail log files but is overwhelmed by the volume of audit logs being generated. What approach enables the Administrator to search through the logs MOST efficiently? A. 
Implement a \u201cwrite-only\u201d CloudTrail [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[3,33],"class_list":["post-37","post","type-post","status-publish","format-standard","hentry","category-aws-certified-security-specialty-scs-c01","tag-aws-certified-security-specialty-scs-c01","tag-question-030"],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/posts\/37","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/comments?post=37"}],"version-history":[{"count":0,"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/posts\/37\/revisions"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/media?parent=37"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/categories?post=37"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/wp-json\/wp\/v2\/tags?post=37"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}