AWS CloudTrail | CloudTrail Log File Integrity Validation Flashcards

1
Q

What charges do I incur once I configure encryption using SSE-KMS?

CloudTrail Log File Integrity Validation

AWS CloudTrail | Management Tools

A

Once you configure encryption using SSE-KMS, you will incur standard AWS KMS charges. For details, go to the AWS KMS pricing page.

2
Q

What is CloudTrail log file integrity validation?

A

The CloudTrail log file integrity validation feature allows you to determine whether a CloudTrail log file was unchanged, deleted, or modified since CloudTrail delivered it to the specified Amazon S3 bucket.

3
Q

What is the benefit of CloudTrail log file integrity validation?

A

You can use log file integrity validation as an aid in your IT security and auditing processes.

4
Q

How do I enable CloudTrail log file integrity validation?

A

You can enable the CloudTrail log file integrity validation feature from the AWS Management Console, AWS CLI or AWS SDKs.

5
Q

What happens once I turn on the log file integrity validation feature?

A

Once you turn on the log file integrity validation feature, CloudTrail will deliver digest files on an hourly basis. The digest files contain information about the log files that were delivered to your Amazon S3 bucket, hash values for those log files, digital signatures for the previous digest file, and the digital signature for the current digest file in the Amazon S3 metadata section. For more information about digest files, digital signatures and hash values, go to CloudTrail documentation.

6
Q

Where are the digest files delivered to?

A

The digest files are delivered to the same Amazon S3 bucket to which your log files are delivered. However, they are delivered to a different folder so that you can enforce granular access control policies. For details, refer to the digest file structure section of the CloudTrail documentation.

7
Q

How can I validate the integrity of a log file or digest file delivered by CloudTrail?

A

You can use the AWS CLI to validate the integrity of a log file or digest file. You can also build your own tools to do the validation. For more details on using the AWS CLI for validating the integrity of a log file, refer to the CloudTrail documentation.
