🔥 3-day streak
AWS Certified Security - Specialty25 / 157
Question 25 of 157
A financial services company manages 120 accounts through AWS Control Tower with all accounts in a well-structured OU hierarchy. The security team wants to guarantee that no member account can ever disable AWS CloudTrail logging, and they need this protection to be impossible to bypass — even by a user who has full administrative IAM permissions in a member account. Which approach meets this requirement with the least ongoing operational effort?
Reviewed for accuracy · Report an issueNext question