CloudTrail Flashcards

1
Q

CloudTrail

How do you turn on CloudTrail?

A

On (enabled) by default, except for CloudFront and other global things

2
Q

CloudTrail

How long stored?

A

Last 90 days for free

3
Q

CloudTrail

Where are CloudTrail things stored?

A

In CloudTrail

4
Q

CloudTrail

What if you want more than the CloudTrail limit on past events?

A

Create a Trail

5
Q

CloudTrail

Attributes of a Trail you create?

A

S3 bucket to store events in, keys to encrypt, target CloudWatch Log Group

6
Q

CloudTrail

Three types of events captured in CloudTrail?

A

Management Events (control plane), Data Events (data plane), Insight Events

7
Q

CloudTrail

What is captured by default?

A

Management Events. Data Events are not 100% captured; have to turn on separately

8
Q

CloudTrail

What about global services like CloudFront?

A

Off by default; can be turned on for any Trail; always logs to us-east-1

9
Q

CloudTrail

Two types of Trails you can create?

A

One Region trail, All Regions trail

10
Q

CloudTrail

How does a One Region Trail work?

A

Everything lives in a single region

11
Q

CloudTrail

How does an All Regions Trail work?

A

Collects data in every region, but managed as a single Trail

12
Q

CloudTrail

Major product for aggregating CloudTrail across accounts?

A

Organizations: set up a Trail in management account to aggregate across all OU accounts.

13
Q

CloudTrail

Is CloudTrail real-time?

A

No, it has around a 15-minute delay

14
Q

CloudTrail

Cost structure of CloudTrail?

A

Default trail of 90 days and copy to S3 is free. Data Events and additional Trails have a cost.

15
Q

CloudTrail

Are Security Group changes logged by default?

A

Yes

16
Q

CloudTrail

Are Lambda invocations logged by default?

A

No

17
Q

CloudTrail

Are Role Assumptions logged by default?

A

Yes

18
Q

CloudTrail

Are Account logins logged by default?

A

Yes

19
Q

Log File Integrity

What is Log File Integrity?

A

Can verify if a trail file has been tampered with

20
Q

Log File Integrity

How does Log File Integrity work?

important

A

Writes a digest (manifest) file every hour with details on each trail file

21
Q

Log File Integrity

Where can you find the digest files?

important

A

Same S3 bucket, but a different folder, so you can control access separately

22
Q

Log File Integrity

Can Log File Integrity determine if a trail file is missing?

important

A

Yes: look in the digest

23
Q

Log File Integrity

What’s inside a digest file?

A

Hash of every trail file

24
Q

Log File Integrity

How can you trust the digest files?

A

Each has signature of previous digest; signed by CloudTrail private key

25
Q

Log File Integrity

How can you tell if a digest file was deleted?

important

A

Signature in next digest file doesn’t match previous digest file