Which steps should a SysOps Administrator take to meet the CISO’s requirement?
(Choose two.)
Enable Amazon S3 Analytics on all affected S3 buckets to obtain a report of which buckets are being accessed without authorization.
Enable Amazon S3 Server Access Logging on all affected S3 buckets and have the logs stored in a bucket dedicated for logs.
Use Amazon Athena to query S3 Analytics report for HTTP 403 errors, and determine the IAM user or role making the requests.
Use Amazon Athena to query the S3 Server Access Logs for HTTP 403 errors, and determine the IAM user or role making the requests.
Use Amazon Athena to query the S3 Server Access Logs for HTTP 503 errors, and determine the IAM user or role making the requests.
Explanations:
Amazon S3 Analytics provides insights into storage usage patterns but does not log unauthorized access attempts. It cannot be used to track unauthorized access to S3 buckets.
Enabling S3 Server Access Logging on buckets will log detailed requests, including failed access attempts (e.g., 403 errors), and can be stored in a dedicated log bucket for further analysis.
S3 Analytics reports do not provide specific information about access errors or unauthorized access attempts, and cannot identify IAM users or roles associated with 403 errors.
Querying the S3 Server Access Logs with Amazon Athena can identify HTTP 403 errors (for unauthorized access attempts) and can be used to determine the IAM user or role responsible for the requests.
HTTP 503 errors indicate service availability issues (e.g., server overload), not unauthorized access, so querying for 503 errors won’t help identify unauthorized access attempts.
It seems to me that the answer is:
Enable Amazon S3 Server Access Logging on all affected S3 buckets and have the logs stored in a bucket dedicated for logs.
I would say the answer is:
Enable Amazon S3 Server Access Logging on all affected S3 buckets and have the logs stored in a bucket dedicated for logs.