MCQs Questions on Introduction to AWS CloudTrail

Explore AWS CloudTrail MCQ questions and answers to gain a deeper understanding of this essential service for auditing and monitoring AWS environments. AWS CloudTrail provides detailed insights into account activity, ensuring transparency and security. Perfect for beginners and professionals, these questions cover its overview, benefits, and core concepts.

AWS CloudTrail MCQs

Overview and Benefits

1. What is the primary purpose of AWS CloudTrail?
   a) Compute optimization
   b) Tracking user activity and API usage
   c) Cost management
   d) Data storage
2. AWS CloudTrail helps enhance security by:
   a) Encrypting all resources automatically
   b) Providing a record of AWS account activity
   c) Offering free vulnerability scanning
   d) Blocking unauthorized access
3. What kind of events does AWS CloudTrail capture?
   a) Only compute-related events
   b) All API calls made within an AWS account
   c) Database query logs
   d) Network activity logs only
4. Which AWS service works closely with CloudTrail for analyzing logs?
   a) AWS Config
   b) Amazon Athena
   c) AWS RDS
   d) Amazon EC2
5. CloudTrail supports compliance by:
   a) Blocking non-compliant actions
   b) Recording activities for audit trails
   c) Automatically resolving security issues
   d) Providing compliance certificates

Key Concepts and Terminology

6. A trail in AWS CloudTrail refers to:
   a) The process of encrypting data
   b) A configuration to deliver logs to a destination
   c) A storage bucket for backup data
   d) A tool for visualizing network topology
7. How many regions can a single CloudTrail trail monitor?
   a) One region only
   b) Multiple regions or global activity
   c) Up to three regions
   d) Only specific Availability Zones
8. What is the default retention period for CloudTrail logs in S3?
   a) 7 days
   b) 90 days
   c) As long as the logs remain in S3
   d) 365 days
9. What does a CloudTrail event contain?
   a) Metadata about compute performance
   b) Details about user activity, IP address, and resources accessed
   c) Configuration details of EC2 instances
   d) Encrypted user credentials
10. AWS CloudTrail provides event history for which of the following?
    a) Past 30 days of account activity
    b) All historical data in the account
    c) The last 24 hours of activity
    d) Real-time activity monitoring only
11. Which of the following is NOT a valid event type in CloudTrail?
    a) Data events
    b) Management events
    c) Compute events
    d) Insights events
12. CloudTrail Insights is used for:
    a) Detecting unusual operational activity
    b) Creating custom trails
    c) Logging standard API calls
    d) Managing S3 bucket access

Setting Up CloudTrail

13. What is required to set up a CloudTrail trail?
    a) An EC2 instance
    b) An S3 bucket for log storage
    c) A custom VPC
    d) AWS Directory Service
14. How does CloudTrail deliver logs to S3?
    a) In real-time
    b) By scheduled batch uploads
    c) Through API integration
    d) Automatically, as they are generated
15. How can you monitor CloudTrail logs in near real-time?
    a) Use Amazon CloudWatch Logs integration
    b) Export logs to a local machine
    c) Enable S3 cross-region replication
    d) Configure Amazon RDS logs
16. What permissions are required for CloudTrail to write logs to an S3 bucket?
    a) Full access to the entire AWS account
    b) Write access to the S3 bucket and key policy updates
    c) Administrator permissions
    d) No permissions are required
17. How can you encrypt CloudTrail logs?
    a) Use AWS KMS for encryption
    b) By enabling server-side encryption in RDS
    c) Through IAM policies
    d) By exporting to a secure file system
18. To reduce costs, where should you store long-term CloudTrail logs?
    a) AWS Glacier or S3 Intelligent-Tiering
    b) Amazon EC2 storage
    c) AWS ElastiCache
    d) Amazon DynamoDB
19. How do you enable cross-account logging with CloudTrail?
    a) Share an IAM role between accounts
    b) Use a centralized S3 bucket for all accounts
    c) Enable API Gateway logging
    d) Create a Lambda function
20. What is a best practice for securing CloudTrail logs?
    a) Use a public S3 bucket for better accessibility
    b) Enable log file validation and encrypt logs with AWS KMS
    c) Disable logging after analysis
    d) Share logs with third-party tools
21. Which feature of CloudTrail allows tracking activity in real-time?
    a) Event history
    b) CloudTrail Insights
    c) CloudWatch Logs integration
    d) Management Console snapshots
22. How can you restrict access to CloudTrail logs in S3?
    a) Use bucket policies and IAM permissions
    b) Enable unrestricted access to all users
    c) Store logs in the root account bucket
    d) Disable bucket encryption
23. What does enabling multi-region trails do in CloudTrail?
    a) Tracks activity across all supported AWS regions
    b) Increases logging performance for a single region
    c) Restricts logs to the nearest edge location
    d) Reduces costs for single-region deployments
24. How is CloudTrail different from AWS Config?
    a) CloudTrail focuses on logging API activity; AWS Config tracks resource configurations
    b) AWS Config provides real-time user activity monitoring
    c) CloudTrail offers data encryption while Config does not
    d) Config replaces CloudTrail for monitoring
25. What is the maximum number of trails you can create per AWS account?
    a) 1
    b) 5
    c) 10
    d) Unlimited

Answers