CloudTrail

Question 1

What is the default data retention period for the CloudTrail service?

Answer 1

90 days

Question 2

Which CloudTrail component allows logs to be delivered to S3, CloudWatch Logs, or CloudWatch Events?

Answer 2

Trail

Question 3

Is CloudTrail a real-time solution?

Answer 3

No, logs usually take up to 15 minutes to deliver

Question 4

In which region are CloudTrail log events recorded for global services such as IAM, SNS, and CloudFront?

Answer 4

These events are logged in the us-east-1 region; only global trails can catch these logs

Question 5

Which types of events does CloudTrail log?

Answer 5

Management events, data events, and insight events

Question 6

Which type of CloudTrail events provides information known as control plane operations (e.g., resource creation, policy attachment)?

Answer 6

Management events

Question 7

Which type of events does CloudTrail log by default?

Answer 7

Management events only

Question 8

Which type of CloudTrail events provides information known as data plane operations (e.g., object deletion from an S3 bucket, SNS publish)?

Answer 8

Data events

Question 9

Which type of CloudTrail events provides information on UNUSUAL API call rates or error rate activity (e.g., an account typically logs 20 deleteBucket API calls, but starts to log an average of 100 deleteBucket API calls)?

Answer 9

Insight events