
Answer-first summary for fast verification
Answer: Search CloudTrail logs with Amazon Athena queries to identify the errors.
## Explanation

**Correct Answer: C - Search CloudTrail logs with Amazon Athena queries to identify the errors.**

### Why Option C is Correct:

1. **Least Effort**: Amazon Athena is a serverless interactive query service that allows you to analyze data in Amazon S3 using standard SQL. Since CloudTrail logs are stored in S3, Athena provides the most straightforward way to query them without provisioning infrastructure.
2. **Direct Query Capability**: You can write SQL queries directly against CloudTrail logs to search for specific error types like "AccessDenied" or "Unauthorized" errors.
3. **No Custom Scripts Required**: Unlike options A and B, Athena doesn't require writing and maintaining custom scripts or managing infrastructure.
4. **Cost-Effective**: Athena charges only for the data scanned per query, making it cost-efficient for occasional troubleshooting.

### Why Other Options Are Not the Least Effort:

**Option A (AWS Glue)**:
- Requires setting up ETL jobs, writing custom scripts, and managing infrastructure
- More complex than direct SQL queries with Athena
- Better suited for data transformation and preparation, not simple querying

**Option B (AWS Batch)**:
- Requires containerizing scripts, managing compute environments, and job scheduling
- Overkill for simple log analysis queries
- Involves infrastructure management

**Option D (Amazon QuickSight)**:
- Requires creating dashboards and visualizations
- More effort than simple querying with Athena
- Better for ongoing monitoring and visualization, not one-time troubleshooting

### Recommended Approach:

1. Ensure CloudTrail logs are delivered to an S3 bucket
2. Create an Athena table using the CloudTrail log format
3. Write SQL queries to filter for error events:

```sql
SELECT *
FROM cloudtrail_logs
WHERE errorcode IN ('AccessDenied', 'Unauthorized')
  AND eventtime >= '2024-01-01'
```

This solution provides the quickest, most straightforward way to analyze IAM permission errors with minimal setup and maintenance overhead.
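A follow-up query for the troubleshooting step, as an added example that is not part of the original explanation: it groups denied calls by principal and API action so the missing permission stands out. It assumes the `cloudtrail_logs` table uses the standard CloudTrail column layout for Athena (`useridentity` struct, `eventsource`, `eventname`, `errormessage`), and it matches with `LIKE` because services report variants such as `AccessDeniedException` and `Client.UnauthorizedOperation`.

```sql
-- Added example. Assumes the cloudtrail_logs table named in the explanation
-- was created with the standard CloudTrail columns for Athena.
SELECT
    useridentity.arn        AS principal_arn,   -- who made the call
    eventsource,                                -- service, e.g. s3.amazonaws.com
    eventname,                                  -- API action that was denied
    errorcode,
    count(*)                AS denied_calls,
    min(eventtime)          AS first_seen,
    max(eventtime)          AS last_seen,
    arbitrary(errormessage) AS sample_message   -- one message per group for context
FROM cloudtrail_logs
WHERE eventtime >= '2024-01-01'                 -- eventtime is an ISO 8601 string
  AND (errorcode LIKE '%AccessDenied%'          -- AccessDenied, AccessDeniedException
       OR errorcode LIKE '%Unauthorized%')      -- Client.UnauthorizedOperation, ...
GROUP BY useridentity.arn, eventsource, eventname, errorcode
ORDER BY denied_calls DESC
LIMIT 50;
```

Each row pairs a principal with a denied action, which maps directly to the IAM permission to review; narrowing the `eventtime` range also reduces the data Athena scans.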
Author: LeetQuiz Editorial Team
A company wants to analyze and troubleshoot Access Denied errors and Unauthorized errors that are related to IAM permissions. The company has AWS CloudTrail turned on.
Which solution will meet these requirements with the LEAST effort?
A. Use AWS Glue and write custom scripts to query CloudTrail logs for the errors.

B. Use AWS Batch and write custom scripts to query CloudTrail logs for the errors.

C. Search CloudTrail logs with Amazon Athena queries to identify the errors.

D. Search CloudTrail logs with Amazon QuickSight. Create a dashboard to identify the errors.