CloudTrail

Question 1

What AWS service do you use when you need to know who to blame?

Answer 1

CloudTrail

Question 2

In what service can you monitor API Calls?

Answer 2

CloudTrail

Question 3

AWS CloudTrail is a service that enables this 4 elements of your AWS account.

Answer 3

• Governance
• Compliance
• Operational auditing
• Risk auditing (rɪsk ˈɑdətɪŋ)

Question 4

With CloudTrail you can collect logs beyond 90 days by creating one of these

Answer 4

A Trail

Question 5

In CloudTrail, Trail data is stored where?

Answer 5

S3

Question 6

What do you have to use to To analyze a Trail in CloudTrail?

Answer 6

Amazon Athena
ˈæməˌzɑn əˈθinə

Because There is no a trail GUI

Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run.

Question 7

Which Trail option should you enable to ensure the logs are not tampered with?

Answer 7

Log File Validation

Question 8

With CloudTrail this AWS service handles the server side encryption of data

Answer 8

Key Management Service (SSE-KMS)

Question 9

Sending CloudTrail to a CloudWatch log enables what functionality?

Answer 9

SNS notifications on specific activities

Question 10

Where can you send events from CloudTrail?

Answer 10

CloudWatch Logs

Question 11

Which 2 AWS services can you track with CloudTrail Data Events?

Answer 11

Data events provide visibility into the resource operations performed on or within a resource. These are also known as data plane operations. Data events are often high-volume activities. The following data types are recorded:

• Amazon S3 object-level API activity (for example, GetObject, DeleteObject, and PutObject API operations)
• AWS Lambda function execution activity (the Invoke API)

Question 12

The CloudTrail event type that is high volume and results in additional charges

Answer 12

Data Events

Question 13

The 2 types of CloudTrail events

Answer 13

Management Events
Tracks management operations. (Eg. Attach role policies)
Turned on by default. Can’t be turned off.

Data Events
Tracks specific operations for specific AWS Services. Data events are high volume logging and will result in additional charges. Turned off by default.

The two services that can be tracked is S3 and Lambda. So it would track action such as: GetObject, DeleteObject, PutObject

They occur very frequently

Question 14

In CloudTrail that are 4 things you can do on Management Events?

Answer 14

• Security
• Registering devices
• Configuring rules for routing data
• Setting up logging

Question 15

What is CloudTrail?

What are its 4 elements?

Answer 15

• It’s a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account
• Who to blame
• It logs calls between AWS Service
• Trails
• Log file validation
• Type of Events (Managed and data)
• Athena