CloudTrail Flashcards
How many days of activity in your AWS account does Event history allow you to view, search, and download?
Event history allows you to view, search, and download the past 90 days of activity in your AWS account.
What’s the use of a CloudTrail trail?
You can create a CloudTrail trail to archive, analyze, and respond to changes in your AWS resources.
A trail is a configuration that enables delivery of events to an Amazon S3 bucket that you specify. You can also deliver and analyze events in a trail with Amazon CloudWatch Logs and Amazon EventBridge.
How can you create a single-Region trail?
You can only create a single-Region trail by using the AWS CLI.
When you create CloudTrail trails using the console, are they created as single-Region or multi-Region?
All trails you create using the CloudTrail console are multi-Region.
Are CloudTrail trails visible in all regions?
If you create a trail that logs events in all AWS Regions, it will appear in the console in all AWS Regions. If you create a trail that only logs events in a single AWS Region, you can view and manage it only in that AWS Region.
What is an organization trail?
An organization trail or an organization event data store logs all events for all AWS accounts in an organization.
Can member accounts have access to the log files for an organization trail in the Amazon S3 bucket?
By default, member accounts do not have access to the log files for an organization trail in the Amazon S3 bucket, nor can they run queries on organization event data stores.
How can you change a single-Region trail to an all-Region trail, or vice-versa?
To change a single-Region trail to an all-Region trail, or vice-versa, you must run the AWS CLI update-trail command.
By default, are CloudTrail event log files encrypted?
By default, CloudTrail event log files are encrypted using Amazon S3 server-side encryption (SSE).
How can you get CloudTrail logs for object-level Amazon S3 actions?
By default, CloudTrail logs bucket-level actions. You can also get CloudTrail logs for object-level Amazon S3 actions. To do this, enable data events for your S3 bucket or all buckets in your account.
Can member accounts see, modify, or delete the organization trail?
Member accounts can see the organization trail, but can’t modify or delete it.
What is the service that enables governance, compliance, operational auditing, and risk auditing of your AWS account?
AWS CloudTrail
With which service can you log, continuously monitor, and retain account activity related to actions across your AWS infrastructure?
AWS CloudTrail
Which service provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services?
AWS CloudTrail