📜 AWS CloudTrail - SCS-C02 Practice Questions

Practice trail configuration, data events, management events, organization trails, CloudTrail Lake, log file integrity, and security investigation patterns.

10Questions Available
1Exam Domains

Practice CloudTrail Questions Now

Start a timed practice session focusing on AWS CloudTrail topics from the SCS-C02 question bank.

Start SCS-C02 Practice Quiz →

SCS-C02 CloudTrail Question Bank (10 Questions)

Browse all 10 practice questions covering AWS CloudTrail for the SCS-C02 certification exam. Answers are intentionally hidden on this page so you can self-test first before checking results in quiz mode.

  1. Question 1Security Logging and Monitoring

    What is the difference between CloudTrail data events and management events?

    ASame events
    BManagement events: control plane API calls (CreateBucket, RunInstances). Data events: data plane operations (S3 GetObject, Lambda Invoke) — data events generate high volume and cost more to log
    CData events are free
    DManagement events are optional

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start SCS-C02 Quiz
  2. Question 2Security Logging and Monitoring

    What is CloudTrail Lake?

    AA data lake
    BA managed data lake for CloudTrail events enabling SQL-based querying, dashboards, and cross-account aggregation with 7-year default retention
    CA physical lake
    DA CloudTrail region

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start SCS-C02 Quiz
  3. Question 3Security Logging and Monitoring

    A company needs to centralize CloudTrail logs from all AWS accounts in an organization. Which approach is recommended?

    AEnable CloudTrail in each account separately
    BCreate an Organization trail in the management account
    CUse AWS Config aggregator
    DEnable VPC Flow Logs organization-wide

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start SCS-C02 Quiz
  4. Question 4Security Logging and Monitoring

    A security team needs to search and analyze large volumes of CloudTrail logs interactively. Which service is MOST appropriate?

    AAmazon S3 Select
    BAmazon Athena
    CAmazon Redshift
    DAWS Glue

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start SCS-C02 Quiz
  5. Question 5Security Logging and Monitoring

    Which metric filter on CloudWatch Logs can detect unauthorized API calls in CloudTrail logs?

    AFilter for errorCode = 'UnauthorizedAccess'
    BFilter for errorCode = 'AccessDenied' or 'UnauthorizedAccess'
    CFilter for all 4xx status codes
    DFilter for eventSource = 'signin.amazonaws.com'

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start SCS-C02 Quiz
  6. Question 6Security Logging and Monitoring

    A company must retain CloudTrail logs for 7 years for compliance. What is the recommended storage approach?

    AKeep CloudTrail trail retention at maximum
    BDeliver to S3 with lifecycle policy transitioning to Glacier
    CStore in CloudWatch Logs with 7-year retention
    DUse Amazon OpenSearch for long-term storage

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start SCS-C02 Quiz
  7. Question 7Identity and Access Management

    Which Organizations feature prevents member accounts from leaving the organization or disabling CloudTrail?

    ATag policies
    BService Control Policies (SCPs)
    CBackup policies
    DAI services opt-out policies

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start SCS-C02 Quiz
  8. Question 8Security Logging and Monitoring

    How should CloudTrail be configured for security monitoring?

    ADefault trail only
    BEnable Organization trail, log all management and data events, enable CloudTrail Insights, store in S3 with integrity validation
    CDisable CloudTrail for performance
    DLog only write events

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start SCS-C02 Quiz
  9. Question 9Security Logging and Monitoring

    What is the purpose of CloudTrail Insights?

    AReduce costs
    BDetect unusual API activity patterns by analyzing normal usage baselines and alerting on deviations like burst of API calls or new services used
    CSpeed up APIs
    DCompress logs

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start SCS-C02 Quiz
  10. Question 10Security Logging and Monitoring

    How does AWS CloudTrail Insights work?

    AStandard logging
    BAn advanced feature that detects unusual activity by establishing a baseline of normal API usage patterns and alerting on deviations like spikes in error rates or unusual API calls
    CManual analysis only
    DReal-time monitoring only

    Answer hidden for practice.

    Use the interactive quiz to reveal the correct answer and explanation.

    Start SCS-C02 Quiz

Key CloudTrail Concepts for SCS-C02

cloudtrailtraildata eventmanagement eventorganization trailcloudtrail lakelog integrity

SCS-C02 CloudTrail Exam Tips

AWS CloudTrail questions in SCS-C02 are typically scenario-based. Focus on threat detection, preventive controls, encryption strategy, and security governance. Priority concepts: cloudtrail, trail, data event, management event, organization trail, cloudtrail lake.

What SCS-C02 Expects

  • Anchor your answer in choose layered security controls with clear detection and response pathways.
  • CloudTrail scenarios for SCS-C02 are frequently mapped to Domain 4 (16%), so read the objective carefully before picking controls or architecture.
  • Expect multi-topic scenarios where CloudTrail interacts with IAM, networking, storage, or observability patterns rather than appearing as an isolated question.
  • When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Specialty) and vendor best practices.

High-Value CloudTrail Concepts

  • Know the core CloudTrail building blocks cold: cloudtrail, trail, data event, management event.
  • Review the edge-case features and limits for organization trail, cloudtrail lake; these details are commonly used to differentiate answer choices.
  • Practice service-integration reasoning: how CloudTrail pairs with Security Hub, GuardDuty, Detective in real deployment patterns.
  • For SCS-C02, explain why the chosen CloudTrail design meets reliability, security, and cost expectations better than the alternatives.

Common SCS-C02 Traps

  • Watch for relying on one control where defense-in-depth is expected.
  • Questions in Identity & Access Management often include distractors that look correct for CloudTrail but violate least-privilege, durability, or availability requirements.
  • Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
  • If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

  • Can you compare at least two CloudTrail implementation paths and justify which one best fits the scenario?
  • Can you map the chosen answer back to Identity & Access Management (16%) outcomes for SCS-C02?
  • Can you explain security and access boundaries for CloudTrail without relying on default-open assumptions?
  • Can you describe how CloudTrail integrates with Security Hub and GuardDuty during failure, scaling, and monitoring events?

Exam Domains Covering CloudTrail

Domain 4Identity & Access Management16%

Related Resources

🎯 Free SCS-C02 Mock Exam Security Hub Questions GuardDuty Questions Detective Questions

More SCS-C02 Study Resources

← SCS-C02 Study Hub30-Day Study PlanFull Practice Exam