
Answer-first summary for fast verification
Answer (options C and E): Use Amazon Athena to query the CloudTrail logs in DOC-EXAMPLE-BUCKET2 for any API calls that used the access key to access an object that contained PII; configure Amazon Macie to identify any objects in DOC-EXAMPLE-BUCKET1 that contain PII and that were available to the access key.
To determine whether any objects in DOC-EXAMPLE-BUCKET1 were accessed with the IAM access key in the past 60 days, the CloudTrail logs must be analyzed. Because the trail is delivered only to S3 (DOC-EXAMPLE-BUCKET2) with no CloudWatch Logs integration, Amazon Athena (option C) is the appropriate tool: it queries the log files in place, filtered by the access key ID, the S3 GetObject event, the bucket name and the 60-day window. Once the accessed objects are known, their contents must be examined for personally identifiable information (PII). Amazon Macie (option E) can be configured to scan the .txt objects in DOC-EXAMPLE-BUCKET1 for PII, and its findings can then be cross-referenced with the object keys returned by Athena. The remaining options do not fit: CloudWatch Logs Insights (A) has no log group to query, OpenSearch (B) would require ingesting the logs first, and IAM Access Analyzer (D) analyzes policies and resource sharing, not API call history.
Author: LeetQuiz Editorial Team
A company's legacy application, hosted on a single Amazon EC2 instance, uses an IAM access key embedded in its code to access an Amazon S3 bucket named DOC-EXAMPLE-BUCKET1. The access key is authorized for s3:GetObject permissions on all objects within this bucket. Due to security policy violations, the application has been decommissioned. The company has AWS CloudTrail enabled across all regions, with logs being delivered to another S3 bucket named DOC-EXAMPLE-BUCKET2, but without integration to Amazon CloudWatch Logs. The company seeks to ascertain whether any objects in DOC-EXAMPLE-BUCKET1 were accessed using the IAM access key within the last 60 days, and specifically, if any text files (.txt) in the bucket contain personally identifiable information (PII). What steps should the security engineer undertake to collect this information?
A
Use Amazon CloudWatch Logs Insights to identify any objects in DOC-EXAMPLE-BUCKET1 that contain PII and that were available to the access key.
B
Use Amazon OpenSearch Service to query the CloudTrail logs in DOC-EXAMPLE-BUCKET2 for API calls that used the access key to access an object that contained PII.
C
Use Amazon Athena to query the CloudTrail logs in DOC-EXAMPLE-BUCKET2 for any API calls that used the access key to access an object that contained PII.
D
Use AWS Identity and Access Management Access Analyzer to identify any API calls that used the access key to access objects that contained PII in DOC-EXAMPLE-BUCKET1.
E
Configure Amazon Macie to identify any objects in DOC-EXAMPLE-BUCKET1 that contain PII and that were available to the access key.
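The Athena side of the answer (option C), as an added worked example that is not part of the original page. The table definition uses the CloudTrail SerDe that AWS documents for Athena; the account ID (111122223333), the trail prefix under DOC-EXAMPLE-BUCKET2 and the access key ID (AKIAEXAMPLEKEY00000) are placeholders standing in for values the question does not give. The queries assume the trail recorded S3 data events, since object-level GetObject calls are not captured by management events alone.

```sql
-- Added example, not from the original page. Athena table over the CloudTrail
-- trail delivered to DOC-EXAMPLE-BUCKET2, using the AWS-documented CloudTrail SerDe.
-- Placeholders (not from the question): account 111122223333, key AKIAEXAMPLEKEY00000.
CREATE EXTERNAL TABLE IF NOT EXISTS cloudtrail_logs (
  eventversion STRING,
  useridentity STRUCT<
    type: STRING,
    principalid: STRING,
    arn: STRING,
    accountid: STRING,
    invokedby: STRING,
    accesskeyid: STRING,
    username: STRING,
    sessioncontext: STRUCT<
      attributes: STRUCT<mfaauthenticated: STRING, creationdate: STRING>,
      sessionissuer: STRUCT<type: STRING, principalid: STRING, arn: STRING,
                            accountid: STRING, username: STRING>>>,
  eventtime STRING,
  eventsource STRING,
  eventname STRING,
  awsregion STRING,
  sourceipaddress STRING,
  useragent STRING,
  errorcode STRING,
  errormessage STRING,
  requestparameters STRING,
  responseelements STRING,
  additionaleventdata STRING,
  requestid STRING,
  eventid STRING,
  resources ARRAY<STRUCT<arn: STRING, accountid: STRING, type: STRING>>,
  eventtype STRING,
  apiversion STRING,
  readonly STRING,
  recipientaccountid STRING,
  serviceeventdetails STRING,
  sharedeventid STRING,
  vpcendpointid STRING
)
ROW FORMAT SERDE 'com.amazon.emr.hive.serde.CloudTrailSerde'
STORED AS INPUTFORMAT 'com.amazon.emr.cloudtrail.CloudTrailInputFormat'
OUTPUTFORMAT 'org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat'
LOCATION 's3://DOC-EXAMPLE-BUCKET2/AWSLogs/111122223333/CloudTrail/';

-- Every successful GetObject on DOC-EXAMPLE-BUCKET1 made with the access key in
-- the last 60 days. S3 data events for the bucket must have been enabled on the
-- trail; if they were not, this returns no rows even though reads may have occurred.
SELECT
  from_iso8601_timestamp(eventtime)               AS event_ts,
  json_extract_scalar(requestparameters, '$.key') AS object_key,
  sourceipaddress,
  useragent
FROM cloudtrail_logs
WHERE useridentity.accesskeyid = 'AKIAEXAMPLEKEY00000'
  AND eventsource = 's3.amazonaws.com'
  AND eventname   = 'GetObject'
  AND json_extract_scalar(requestparameters, '$.bucketName') = 'DOC-EXAMPLE-BUCKET1'
  AND errorcode IS NULL                         -- denied or failed reads are not exposure
  AND from_iso8601_timestamp(eventtime) >= current_timestamp - INTERVAL '60' DAY
ORDER BY event_ts;

-- The distinct .txt objects actually read: this is the list to cross-reference
-- against the Macie sensitive-data findings for DOC-EXAMPLE-BUCKET1 (option E).
SELECT DISTINCT json_extract_scalar(requestparameters, '$.key') AS object_key
FROM cloudtrail_logs
WHERE useridentity.accesskeyid = 'AKIAEXAMPLEKEY00000'
  AND eventsource = 's3.amazonaws.com'
  AND eventname   = 'GetObject'
  AND json_extract_scalar(requestparameters, '$.bucketName') = 'DOC-EXAMPLE-BUCKET1'
  AND errorcode IS NULL
  AND json_extract_scalar(requestparameters, '$.key') LIKE '%.txt'
  AND from_iso8601_timestamp(eventtime) >= current_timestamp - INTERVAL '60' DAY;
```

The table has no partitions, so each query scans the whole trail prefix; for a large multi-region trail, define the table with partition projection on region and date so only the 60-day window is read. Filtering on `errorcode IS NULL` separates attempted reads from actual ones, which matters for deciding whether PII was exposed; keep a second query without that filter if the investigation also needs to record failed attempts.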