Q7 — AWS DOP-C02 Ch.2


A large company runs critical workloads across multiple AWS accounts. All accounts are managed under a single AWS Organization, and all organizational features are enabled. The company stores its customer data in Amazon S3 buckets. Access to these S3 buckets requires multi-layered authorization.

Correct Answer: B. Create an AWS CloudTrail organization-level trail, delivering logs to Amazon CloudWatch Logs in the organization’s management account. Enable data event logging for all S3 buckets. Use Amazon GuardDuty anomaly detection across all AWS accounts. Use Amazon Athena to run SQL queries against custom metrics derived from CloudTrail logs.

Explanation

This question tests combining AWS services for centralized, cross-account monitoring of S3 activity and anomaly detection. Per AWS documentation, a CloudTrail organization-level trail aggregates logs from every member account into the management account without per-account configuration. Because a trail records only management events by default, S3 data event logging must be enabled explicitly to capture object-level API calls, including those made from the CLI. GuardDuty consumes CloudTrail logs as a data source to provide threat detection, and Athena supports SQL-based analysis of logs stored in S3. Option B correctly combines the organization-level trail, S3 data event collection, GuardDuty anomaly detection, and Athena querying, which together meet the centralized monitoring and anomaly analysis requirements. The other options deviate in trail scope, detection mechanism, or choice of query service.