Q92 — AWS SCS-C02 Ch.1

A startup company is using a single AWS account that has resources in a single AWS Region. A security engineer configures an AWS CloudTrail trail in the same Region to deliver log files to an Amazon S3 bucket by using the AWS CLI. Because of expansion, the company adds resources in multiple Regions. The security engineer notices that the logs from the new Regions are not reaching the S3 bucket. What should the security engineer do to fix this issue with the LEAST amount of operational overhead?

Correct Answer: D. Change the existing CloudTrail trail so that it applies to all Regions.

Explanation

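AWS CloudTrail supports collecting logs from multiple Regions in a single trail. When an existing trail applies to only one Region, API activity in newly added Regions is not recorded. According to the official AWS documentation, editing the existing trail and enabling the "Apply trail to all regions" option makes the trail automatically capture logs from all Regions (including Regions added in the future), with no need to create additional trails. Option D modifies the existing configuration directly and avoids the complexity of maintaining multiple trails, which meets the requirement of least operational overhead. Options A and C require adding new resources, and the S3 notification feature in option B has nothing to do with the scope of log collection.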