A recent security audit found that AWS CloudTrail logs are insufficiently protected from tampering and unauthorized access. Which actions must the Security Engineer take to address these audit findings? (Choose three.)

Admin Staff asked 7 months ago
A recent security audit found that AWS CloudTrail logs are insufficiently protected from tampering and unauthorized access.
Which actions must the Security Engineer take to address these audit findings? (Choose three.)

A. Ensure CloudTrail log file validation is turned on.

B. Configure an S3 lifecycle rule to periodically archive CloudTrail logs into Glacier for long-term storage.

C. Use an S3 bucket with tight access controls that exists in a separate account.

D. Use Amazon Inspector to monitor the file integrity of CloudTrail log files.

E. Request a certificate through ACM and use a generated certificate private key to encrypt CloudTrail log files.

F. Encrypt the CloudTrail log files with server-side encryption with AWS KMS-managed keys (SSE-KMS).




 

Suggested Answer: ABF

Community Answer: ACF

Reference:
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/best-practices-security.html


This question is from the SCS-C01 AWS Certified Security – Specialty exam, taken to earn the AWS Certified Security – Specialty certificate.


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.