AWS Certified Specialty SCS-C02 Exam Dumps

The correct answer is C. Edit the existing trail in the Organizations management account and apply it to the organization.

The reason is that this is the simplest and most effective way to ensure that there is at least one trail configured for all existing accounts and for any account that is created in the future. According to the AWS documentation1, “If you have created an organization in AWS Organizations, you can create a trail that logs all events for all AWS accounts in that organization. This is sometimes called an organization trail.” The documentation1 also states that “The management account for the organization can edit an existing trail in their account, and apply it to an organization, making it an organization trail. Organization trails log events for the management account and all member accounts in the organization.” Therefore, by editing the existing trail in the management account and applying it to the organization, the security team can ensure that all accounts are sending CloudTrail logs to a centralized S3 logging bucket.

The other options are incorrect because:

• A. Create a new trail and configure it to send CloudTrail logs to Amazon S3. Use Amazon EventBridge to send notification if a trail is deleted or stopped. This option is not sufficient to ensure that there is at least one trail configured for all accounts, because it does not prevent users from deleting or stopping the trail in their accounts. Even if EventBridge sends a notification, the security team would have to manually restore or restart the trail, which is not efficient or scalable.
• B. Deploy an AWS Lambda function in every account to check if there is an existing trail and create a new trail, if needed. This option is not optimal because it requires deploying and maintaining a Lambda function in every account, which adds complexity and cost. Moreover, it does not prevent users from deleting or stopping the trail after it is created by the Lambda function.
• D. Create an SCP to deny the cloudtrail:Delete and cloudtrail:Stop actions. Apply the SCP to all accounts. This option is not sufficient to ensure that there is at least one trail configured for all accounts, because it does not create or apply a trail in the first place. It only prevents users from deleting or stopping an existing trail, but it does not guarantee that a trail exists in every account.

To minimize downtime in response to DDoS attacks, the company should do the following:

• Subscribe to AWS Shield Advanced and reach out to AWS Support in the event of an attack. This provides access to 24x7 support from the AWS DDoS Response Team (DRT), as well as advanced detection and mitigation capabilities for network and application layer attacks.
• Use AWS WAF to create rules to respond to such attacks. This allows the company to filter web requests based on IP addresses, headers, body, or URI strings, and block malicious requests before they reach the web applications.

because these are the actions that can improve IAM account root user security. IAM account root user is a user that has complete access to all AWS resources and services in an account. IAM account root user security is a set of best practices that help protect the account root user from unauthorized or accidental use. Deleting the access keys for the account root user in every account can help prevent programmatic access by the account root user, which reduces the risk of compromise or misuse. Enabling MFA on every account root user in all accounts can help add an extra layer of security for console access by requiring a verification code in addition to a password. Creating a custom IAM policy to limit permissions to required actions for the account root user and attaching the policy to the account root user can help enforce the principle of least privilege and restrict the account root user from performing unnecessary or dangerous actions. The other options are either invalid or ineffective for improving IAM account root user security.