🔥 3-day streak
AWS Certified Security - Specialty24 / 157
Question 24 of 157
A financial services company uses AWS Control Tower to manage a multi-account landing zone across 40 accounts. During a routine audit, the security team discovers that an administrator in a workload account manually modified a CloudTrail trail that Control Tower had configured, disabling log file validation. The security team wants a supported, automated way to detect that the account has diverged from the Control Tower baseline and to bring it back into compliance. Which approach should they use?
Reviewed for accuracy · Report an issueNext question