Monitoring API Calls and Ensuring Compliance in AWS Infrastructure | Web Application Environment

Achieving Secure Auditing and Encrypted Logs for AWS Administrator | Exam Preparation

Question

Being an AWS administrator for a certain company with AWS infrastructure in two regions, you are involved in architecting a web application environment.

There is a requirement for monitoring API calls to ensure that auditing the environment for compliance is secure.

It should follow strict security compliance requirements, and also the logs should be encrypted.

Which of the following would you choose to achieve this?

Answers

Explanations


A. B. C. D.

Correct Answer: B.

AWS CloudTrail helps monitor all the API calls in your AWS account and is used for compliance purposes.

It supports multi-region configuration.

By default, AWS automatically encrypts the CloudTrail logs stored in the S3 bucket using Amazon S3 server-side encryption.
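An added example (not code from the original page) of how an administrator could check existing trails against the requirements above: multi-region coverage, active logging, log file validation and encryption. It assumes the field names of the CloudTrail DescribeTrails and GetTrailStatus API responses and uses constructed sample data so it runs offline.

```python
from typing import Dict, List

# Constructed sample data shaped like CloudTrail DescribeTrails / GetTrailStatus
# responses (field names are real API fields; account id, bucket and key are placeholders).
SAMPLE_TRAILS = [
    {"Name": "org-audit", "S3BucketName": "example-audit-logs",
     "IsMultiRegionTrail": True, "LogFileValidationEnabled": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/PLACEHOLDER-KEY-ID",
     "HomeRegion": "us-east-1"},
    {"Name": "legacy-single-region", "S3BucketName": "example-old-logs",
     "IsMultiRegionTrail": False, "LogFileValidationEnabled": False,
     "HomeRegion": "eu-west-1"},
]
SAMPLE_STATUS = {"org-audit": {"IsLogging": True},
                 "legacy-single-region": {"IsLogging": False}}


def audit_trail(trail: Dict, status: Dict, require_kms: bool = True) -> List[str]:
    """Return a list of findings for one trail; an empty list means it passes."""
    findings = []
    if not trail.get("IsMultiRegionTrail"):
        findings.append("not multi-region: API calls made in other regions are not captured")
    if not status.get("IsLogging"):
        findings.append("trail is not currently logging")
    if not trail.get("LogFileValidationEnabled"):
        findings.append("log file validation disabled: modified or deleted log files go unnoticed")
    # Delivered logs are encrypted with S3 server-side encryption (SSE-S3) by default.
    # Stricter policies often require a KMS key (SSE-KMS) so that key access is
    # controlled and audited separately from bucket access.
    if require_kms and not trail.get("KmsKeyId"):
        findings.append("no KMS key: relying on default SSE-S3 rather than SSE-KMS")
    return findings


def audit_account(trails: List[Dict], statuses: Dict[str, Dict],
                  require_kms: bool = True) -> Dict[str, List[str]]:
    """Map each trail name to its findings. In a real account the inputs would come
    from boto3: client.describe_trails()['trailList'] and client.get_trail_status(Name=...)."""
    return {t["Name"]: audit_trail(t, statuses.get(t["Name"], {}), require_kms)
            for t in trails}


if __name__ == "__main__":
    for name, findings in audit_account(SAMPLE_TRAILS, SAMPLE_STATUS).items():
        print(name, "PASS" if not findings else findings)
```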

Option A is incorrect because VPC flow logs are used to capture information about the IP traffic going to and from network interfaces in your VPC.

They are mainly useful for security auditing of network traffic.

Subnet flow logs capture information about the IP traffic going to and from network interfaces associated with your subnet.

They are similar to VPC flow logs, except that they capture only the traffic associated with the subnets.

Option C is incorrect because request tracing is used, for example, with a load balancer to trace HTTP requests from clients to targets or other services.

Option D is incorrect because CloudWatch is used to monitor performance metrics, not API calls.

The best option to monitor API calls and ensure auditing of the environment for compliance with strict security compliance requirements, and log encryption in AWS infrastructure would be to use AWS CloudTrail logs and CloudWatch logs.

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. It logs all API calls made by or on behalf of your AWS account and stores the resulting log files in an Amazon S3 bucket that you specify. CloudTrail logs can provide detailed information such as the identity of the caller, the time of the call, the source IP address, the request parameters, and the response elements returned by the AWS service.

On the other hand, CloudWatch logs can be used to monitor, store, and access log files from various AWS resources like EC2 instances, Lambda functions, VPC flow logs, and CloudTrail. You can use CloudWatch Logs to monitor, troubleshoot, and audit your system for compliance. By setting up CloudWatch Logs, you can ensure that logs are encrypted and stored securely.

Therefore, the correct answer would be D. AWS CloudTrail logs and CloudWatch logs. Option A - AWS VPC flow logs and Subnet logs - only provides network flow information, while option C - use request tracing - is an application-level logging and monitoring feature, which may not provide sufficient detail for compliance auditing.