Answer-first summary for fast verification
Answer: In AWS CloudTrail, filter the event history to display results from the past 30 days. Create an Amazon Athena table that contains the data. Partition the table by event source.
The correct answer is C. Utilizing AWS CloudTrail allows the security consultant to filter event history for the past 30 days, helping to identify any activities related to the creation, modification, or deletion of resources. By creating an Amazon Athena table and partitioning the data by event source, it becomes easier to analyze and pinpoint any unauthorized activities performed by the former employee. This solution is the most efficient and effective method for quickly determining resource changes in the AWS account.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A company has identified a billing anomaly in their AWS account and has discovered that an employee who left the company 30 days ago still has access. The company has not been monitoring account activity. A security consultant is tasked with quickly determining which resources have been deployed or reconfigured by this former employee. Which AWS service or feature should the consultant use to efficiently identify these changes?
A
In AWS Cost Explorer, filter chart data to display results from the past 30 days. Export the results to a data table. Group the data table by resource.
B
Use AWS Cost Anomaly Detection to create a cost monitor. Access the detection history. Set the time frame to Last 30 days. In the search area, choose the service category.
C
In AWS CloudTrail, filter the event history to display results from the past 30 days. Create an Amazon Athena table that contains the data. Partition the table by event source.
D
Use AWS Audit Manager to create an assessment for the past 30 days. Apply a usage-based framework to the assessment. Configure the assessment to assess by resource.
No comments yet.