Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. Discussions
  3. Amazon Web Services
  4. AWS Certified Specialty
  5. SCS-C02 Discussions
  6. SCS-C02 Exam Topic 3 Question 17 Discussion
 Amazon Web Services Discussions
Exam SCS-C02 All Questions
Exam SCS-C02 All Questions

View all questions & answers for the SCS-C02 exam

Go to Exam

Amazon Web Services AWS Certified Specialty SCS-C02 Question # 17 Topic 3 Discussion

SCS-C02 Exam Topic 3 Question 17 Discussion:
Question #: 17
Topic #: 3

A company has configured an organization in AWS Organizations for its AWS accounts. AWS CloudTrail is enabled in all AWS Regions. A security engineer must implement a solution to prevent CloudTrail from being disabled. Which solution will meet this requirement?
A.

Enable CloudTrail log file integrity validation from the organization's management account.

B.

Enable server-side encryption with AWS KMS keys (SSE-KMS) for CloudTrail logs. Create a KMS key Attach a policy to the key to prevent decryption of the logs

C.

Create an SCP that includes an explicit Deny rule for the StopLogging action and the DeleteTrail action. Attach the SCP to the root OU.

D.

Create 1AM policies for all the company's users to prevent the users from performing the DescribeTrails action and the GetTrailStatus action.

Get Premium SCS-C02 Questions
Actual exam question for Amazon Web Services SCS-C02 exam by Nova2097 at May 3, 2026, 12:47:56 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit