QuickSight Auditing and Log Archival

Answer: A,C,E.

Amazon QuickSight is integrated with AWS CloudTrail.

This service provides a record of actions taken by a user, role, or an AWS service in Amazon QuickSight.

The calls captured include calls from the Amazon QuickSight console.

If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Amazon QuickSight.

If you don't configure a trail, you can still view the most recent events in the CloudTrail console in Event history.

Using the information collected by CloudTrail, you can determine the request that was made to Amazon QuickSight, the IP address from which the request was made, who made the request, when it was made, and additional details.

MSP Bank is planning to launch a self-data discovery platform using Amazon QuickSight on AWS, and the team needs to enable auditing to track the records of actions taken by a user, role, or AWS service in Amazon QuickSight. Additionally, the team needs to capture the logs and store them for long-term archival to address compliance requirements.

To achieve these goals, there are a few options available:

A. Amazon QuickSight is integrated with AWS CloudTrail, which provides a record of actions taken by a user, role, or an AWS service in Amazon QuickSight. CloudTrail logs API calls made by QuickSight and other AWS services in a specified AWS account and delivers the log files to an Amazon S3 bucket that you specify. You can use this information to identify which users and accounts called QuickSight APIs, the source IP address from which the calls were made, and when the calls occurred. With CloudTrail, you can also determine which requests were successful and which failed.

B. Amazon QuickSight is not integrated with AWS CloudWatch. Therefore, Option B is not a valid option for addressing MSP Bank's requirements.

C. When CloudTrail is enabled, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Amazon QuickSight. This means that every event recorded in CloudTrail, including events from QuickSight, will be delivered to the specified S3 bucket. This allows MSP Bank to store logs for long-term archival and compliance purposes.

D. Amazon QuickSight is not integrated with AWS CloudWatch. Therefore, Option D is not a valid option for addressing MSP Bank's requirements.

E. If you don't configure a trail, you won't have access to the detailed information required to identify which users and accounts called QuickSight APIs, the source IP address from which the calls were made, and when the calls occurred. Therefore, Option E is not a valid option for addressing MSP Bank's requirements.

F. If you don't configure a log, you won't be able to store logs for long-term archival and compliance purposes. Therefore, Option F is not a valid option for addressing MSP Bank's requirements.

In summary, the three valid options for addressing MSP Bank's requirements are:

A. Amazon QuickSight is integrated with AWS CloudTrail, which provides a record of actions taken by a user, role, or an AWS service in Amazon QuickSight.

C. When CloudTrail is enabled, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Amazon QuickSight.

E. If you don't configure a trail, you won't have access to the detailed information required to identify which users and accounts called QuickSight APIs, the source IP address from which the calls were made, and when the calls occurred.