AWS CloudTrail Flashcards

1
Q

I need to be able to capture changes from all regions. What is the best way to do this?

A

Use CloudTrail and select the option ‘Apply to all regions’.

2
Q

I need to be able to capture changes from all accounts in my organization. What is the best way to do this?

A

Create a CloudTrail trail and select ‘Apply trail to my organization’. This will capture all changes from all accounts, and if you also select ‘Apply to all regions’ you get trails across all regions in all accounts in the organization.

3
Q

I need to collect AWS resource API event information for S3 and Lambda. What options do I have?

A

You can enable data collection when creating a CloudTrail trail. You can select individual objects or turn the option on for every object.

4
Q

I need to create a CloudTrail trail. Do I pay for just one?

A

No

5
Q

Where can I store CloudTrail logs?

A

You can store the CloudTrail logs in an S3 bucket.

6
Q

I have an organization with many accounts. Is it possible to capture all changes across all accounts to a CloudTrail log?

A

Yes, you set the option to have CloudTrail consolidate across all accounts. This means the trails will aggregate into one single bucket.

7
Q

As part of regulatory requirements, I have to ensure all my data is stored encrypted at rest. What options do I have for CloudTrail?

A

When creating a CloudTrail trail, I can select encryption of log files using KMS SSE in the advanced options.

8
Q

As part of regulatory requirements, I need to capture all changes in AWS and also ensure the data cannot be read if a log data file is taken by hackers. I also need to ensure the log data files are not tampered with. What are my best options?

A
  • Use CloudTrail to capture all changes in AWS
  • Use the advanced option of a CloudTrail trail to encrypt the files with KMS SSE
  • Use the advanced option to also sign the files
9
Q

I have created a CloudTrail trail and I need to know when files are delivered to the S3 bucket. What options do I have?

A

You can use the CloudTrail advanced option of notification and select an SNS topic.

10
Q

How long will CloudTrail retain logs?

A

You can search back through 90 days of history, but if you have a CloudTrail trail pushing logs to S3, data is retained indefinitely. You can use lifecycle policies to delete the log files from S3 as needed.

11
Q

How many trails can I create in a single region?

A

5

12
Q

What makes storing CloudTrail logs in S3 secure?

A
  • By default, CloudTrail encrypts the log files before placing them in an S3 bucket.
13
Q

How do I get charged for CloudTrail?

A

AWS CloudTrail allows you to view and download the last 90 days of your account activity for create, modify, and delete operations of supported services free of charge. There is no charge from AWS CloudTrail for creating a CloudTrail trail and the first copy of management events within each region is delivered to the S3 bucket specified in your trail free of charge.

14
Q

If I have only one trail with management events, and apply it to all regions, will I incur charges?

A

No. The first copy of management events is delivered free of charge in each region.

15
Q

I need to process CloudTrail logs using a Java application I am creating. What are my options?

A

AWS CloudTrail Processing Library is a Java library

16
Q

What is CloudTrail log file integrity validation?

A

CloudTrail log file integrity validation feature allows you to determine whether a CloudTrail log file was unchanged, deleted, or modified since CloudTrail delivered it to the specified Amazon S3 bucket.

17
Q

What is the benefit of CloudTrail log file integrity validation?

A

Ensure the logs delivered to S3 are not tampered with after delivery.

18
Q

I chose to use KMS SSE with CloudTrail. Will I be charged?

A

Yes, you will pay for KMS.

19
Q

How often will CloudTrail deliver log files to my Amazon S3 bucket?

A

CloudTrail delivers log files to your S3 bucket approximately every 5 minutes.

20
Q

How long does it take CloudTrail to deliver an event for an API call?

A

Typically, CloudTrail delivers an event within 15 minutes of the API call.

21
Q

What will CloudTrail log for you?

A

All API calls to your accounts, but not calls inside each service or resource. You can enable this capture for S3 and Lambda.

22
Q

I need to keep my audit logs from AWS for two years. How can I do this?

A

You need to set up a CloudTrail trail export and have CloudTrail logs sent to S3.

23
Q

I need to have my CloudTrail logs sent to Lambda. Is this possible, and if so, how?

A

You can set up a CloudTrail trail and have the log stream call a Lambda function.

24
Q

If I have CloudTrail apply to all regions and AWS adds a new region, what will happen by default?

A

CloudWatch will be added to the new region.

25
Q

I want to collect all CloudTrail logs into a single bucket. How can I do this?

A

CloudTrail has an option to collect all logs into a single bucket.

26
Q

I am setting up an account structure in AWS with AWS Organizations. I want to have CloudTrail automatically added to any new account added to my organization. How can I do this?

A

There is an option in CloudTrail to have CloudTrail added to any new accounts added to an organization.

27
Q

What are management events in CloudTrail?

A

They are a set of control plane events, like someone logging in to your account. You can opt to have these added to your CloudTrail stream.

28
Q

My org has a policy to encrypt all data at rest. How can I deal with this in CloudTrail, or do I need to implement a third-party tool or service?

A

In CloudTrail you have the option when creating a trail to encrypt the data in the S3 bucket. You can select to encrypt using SSE-KMS.

29
Q

I am implementing a government AWS solution and one of the requirements is to ensure that the logs from CloudTrail have not been tampered with. What is my best method to architect for this?

A

CloudTrail has an option when creating a trail to have log validation; this is where AWS also delivers a hash.

30
Q

I am setting up a CloudTrail trail and I want to be notified when a log is delivered into S3. Is this possible?

A

Yes, when creating a trail, there is an option to have SNS invoked.

31
Q

Is CloudTrail free?

A

Yes, for the first trail.

32
Q

I want to count the number of CloudTrail logs arriving. How can I architect this?

A

You can have CloudTrail logs delivered to CloudWatch; this is an option when setting up a CloudTrail trail.

33
Q

What is the function of AWS CloudTrail?

A

AWS CloudTrail records all of the AWS API calls to a region or all regions, or, when using an organization, you can have it record all regions in all accounts belonging to the organization.

34
Q

At 1 PM today we saw an S3 bucket get deleted. We want to know who deleted the S3 bucket. How can we find this out?

A

Using AWS CloudTrail we can search for this event/API call, as CloudTrail records all events/API calls.

35
Q

What are the two endpoints that CloudTrail can deliver events to?

A
  • S3
  • Lambda

36
Q

Describe the CloudTrail event you need to look for when a user logs in to an AWS account.

A

The ‘eventName = ConsoleLogin’ event, and in this event is the username = ‘Roger’.