🔥 3-day streak
AWS Certified Security - Specialty8 / 157
Question 8 of 157
During an incident investigation, a security engineer suspects that an attacker with administrative credentials may have altered or deleted CloudTrail logs to hide their activity. The organization needs to guarantee that going forward, historical CloudTrail log files can be proven unaltered and retained for forensic and legal purposes, even against an actor with account-level admin privileges. Which combination of controls BEST ensures the tamper-evidence and long-term integrity of the logs?
Reviewed for accuracy · Report an issueNext question