AWS Certified Security - Specialty
Get started today
Ultimate access to all questions.
A company has identified a billing anomaly in their AWS account and has discovered that an employee who left the company 30 days ago still has access. The company has not been monitoring account activity. A security consultant is tasked with quickly determining which resources have been deployed or reconfigured by this former employee. Which AWS service or feature should the consultant use to efficiently identify these changes?
A company has identified a billing anomaly in their AWS account and has discovered that an employee who left the company 30 days ago still has access. The company has not been monitoring account activity. A security consultant is tasked with quickly determining which resources have been deployed or reconfigured by this former employee. Which AWS service or feature should the consultant use to efficiently identify these changes?
Explanation:
The correct answer is C. Utilizing AWS CloudTrail allows the security consultant to filter event history for the past 30 days, helping to identify any activities related to the creation, modification, or deletion of resources. By creating an Amazon Athena table and partitioning the data by event source, it becomes easier to analyze and pinpoint any unauthorized activities performed by the former employee. This solution is the most efficient and effective method for quickly determining resource changes in the AWS account.