Answer-first summary for fast verification
Answer: Examine AWS CloudTrail logs for security group changes.
The correct answer is C. AWS CloudTrail is the appropriate service to use for tracking changes to an Amazon EC2 instance's security groups. CloudTrail logs and records API calls for actions across AWS services, including modifications to security groups. This service allows users to review a detailed history of events, which can be searched and filtered to identify specific changes made within a certain timeframe, such as the last month. Option A is not sufficient as Amazon EC2 does not provide detailed logs of its own changes. Option B is incorrect because AWS IAM is used for managing access permissions and not for tracking changes to resources. Option D is also incorrect as Amazon CloudWatch is primarily used for monitoring operational health and performance metrics, not for tracking configuration changes.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
How can a user determine if changes were made to an Amazon EC2 instance's security groups within the last month?
A
Check Amazon EC2 for security group modifications.
B
Review AWS IAM for user or role changes to the security group.
C
Examine AWS CloudTrail logs for security group changes.
D
Inspect Amazon CloudWatch for security group modification events.