🔥 3-day streak
AWS Certified Solutions Architect - Professional91 / 186
Question 91 of 186
A financial services company is designing a multi-account landing zone using AWS Control Tower. Compliance requires that all CloudTrail and AWS Config logs from every member account be stored in a dedicated, tamper-resistant location that individual account administrators cannot modify or delete. The security team, operating from a separate account, must retain read access for investigations. Which approach best meets these requirements?
Reviewed for accuracy · Report an issueNext question