AWS Certified Security - Specialty

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Use AWS CloudTrail for logging API calls and AWS Config for recording IAM policy changes.

Using AWS CloudTrail for logging API calls and AWS Config for recording IAM policy changes provides a comprehensive way to detect and alert on unauthorized changes. This approach ensures that IAM policies are monitored and managed effectively.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Answer: Use AWS CloudTrail for logging API calls and AWS Config for recording IAM policy changes.

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

Your organization requires a solution to detect and alert on any unauthorized changes to IAM policies. How would you use AWS CloudTrail and AWS Config to achieve this, and how would you configure them to provide comprehensive security insights?

Simulated

Last updated: December 5, 2025 at 14:03

Use AWS CloudTrail for logging API calls and AWS Config for recording IAM policy changes.

100.0%

Configure AWS Security Hub to aggregate findings from AWS CloudTrail and AWS Config.

0.0%

Manually review each IAM policy for unauthorized changes.

Enable default settings on all IAM policies to ensure security.