Topic 1 Question 58
A SysOps administrator must manage the security of an AWS account. Recently, an IAM user's access key was mistakenly uploaded to a public code repository. The SysOps administrator must identify anything that was changed by using this access key. How should the SysOps administrator meet these requirements?
Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all IAM events to an AWS Lambda function for analysis.
Query Amazon EC2 logs by using Amazon CloudWatch Logs Insights for all events initiated with the compromised access key within the suspected timeframe.
Search AWS CloudTrail event history for all events initiated with the compromised access key within the suspected timeframe.
Search VPC Flow Logs for all events initiated with the compromised access key within the suspected timeframe.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: C
C "You can troubleshoot operational and security incidents over the past 90 days in the CloudTrail console by viewing Event history." https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html
👍 8kati2k22cz2022/09/03 - 正解だと思う選択肢: C
ccccccc
👍 1michaldavid2022/12/08 - 正解だと思う選択肢: C
answer is C.
👍 1BietTuot2022/12/15
シャッフルモード