🔥 3-day streak
AWS Certified Security - Specialty18 / 184
Question 18 of 184

A security engineer must prove to auditors that CloudTrail log files stored in an S3 bucket have not been modified or deleted since delivery. The organization already has a multi-Region trail delivering logs to a dedicated central logging account. During a compliance review, the auditors ask for a mechanism that can cryptographically verify whether any log file was altered or removed after CloudTrail wrote it. Which approach satisfies this requirement?

Reviewed for accuracy · Report an issueNext question