Question #898

试题更新时间: 2023-11-07 12:59:45

ABCD has hired a third-party security auditor, and the auditor needs read-only access to all AWS resources and logs of all VPC records and events that have occurred on AWS. How can ABCD meet the auditor's requirements without comprising security in the AWS environment? Choose the correct answer

A. Enable CloudTrail logging and create an IAM user who has read-only permissions to the required AWS resources, including the bucket containing the CloudTrail logs.

B. Create an SNS notification that sends the CloudTrail log files to the auditor's email when CloudTrail delivers the logs to S3, but do not allow the auditor access to the AWS environment.

C. ABCD should contact AWS as part of the shared responsibility model, and AWS will grant required access to the third-party auditor.

D. Create a role that has the required permissions for the auditor.

上一题收藏列表练习记录

下一题点击收藏

问题反馈