AWS Certified Solutions Architect Professional SAP-C02 Practice Question

An enterprise that operates more than 100 AWS accounts under AWS Organizations needs to strengthen its security posture by ensuring comprehensive traceability of every user and service action. The security team has the following requirements:

  • Capture all management and data API events from every account and Region.
  • Store the activity logs in a dedicated security account, encrypt them with a customer-managed AWS KMS key, and prevent anyone from deleting or tampering with the raw logs.
  • Allow the security analysts to run ad-hoc SQL queries across current and historical events for the entire organization without building or managing any query infrastructure.
  • Minimize ongoing operational overhead for log collection, storage, and analysis.

Which approach will meet these requirements MOST effectively?

  • Create a CloudTrail organization trail that logs all management and data events in every Region. Deliver the logs to an S3 bucket in the security account with versioning, S3 Object Lock, and SSE-KMS using a customer-managed CMK. Designate the security account as the CloudTrail delegated administrator and create an organization-wide CloudTrail Lake event data store so analysts can query the events with SQL.

  • Enable Amazon GuardDuty and AWS Security Hub across the organization and export all findings to an encrypted S3 bucket in the security account. Configure Athena to query the findings for incident investigations.

  • Enable CloudTrail in each account and Region. Send events to local CloudWatch Logs groups, stream them through a subscription filter to Kinesis Data Firehose, and load the data into an Amazon OpenSearch Service domain in the security account. Analysts use OpenSearch Dashboards to search the events.

  • Enable AWS Config recorders in every account and aggregate the configuration data into the security account. Store configuration snapshots in an encrypted S3 bucket with Object Lock and query the snapshots with Amazon Athena for investigations.

AWS Certified Solutions Architect Professional SAP-C02
Continuous Improvement for Existing Solutions