Which combination of controls should be used to protect against tampering with and unauthorized access to log files?
(Choose two.)
Ensure that the log file integrity validation mechanism is enabled.
Ensure that all log files are written to at least two separate Amazon S3 buckets in the same account.
Ensure that Systems Administrators and Developers can edit log files, but prevent any other access.
Ensure that Systems Administrators and Developers with job-related need-to-know requirements only are capable of viewing ג€” but not modifying ג€” the log files.
Ensure that all log files are stored on Amazon EC2 instances that allow SSH access from the internal corporate network only.
Explanations:
Enabling log file integrity validation ensures that any changes made to the CloudTrail logs are detectable. This prevents tampering and helps verify the authenticity of log files.
Writing logs to two separate S3 buckets within the same account does not provide additional protection against tampering. Storing logs in different accounts or using versioning and access control would be more effective.
Allowing Systems Administrators and Developers to edit log files undermines the integrity of the logs, as it gives them the ability to modify evidence that could be critical for troubleshooting or security auditing.
Limiting access to log files based on job-related need-to-know ensures that only authorized individuals can view the logs, preventing unauthorized access and preserving the integrity of the logs.
Storing logs on EC2 instances with SSH access does not provide sufficient protection for the logs. EC2 instances can be compromised, and this does not offer robust access control or tamper detection.
As I recall, the answer is:
Ensure that the log file integrity validation mechanism is enabled.