Exam AWS Certified Security - Specialty topic 1 question 158 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 158
Topic #: 1

A company became aware that one of its access keys was exposed on a code sharing website 11 days ago. A Security Engineer must review all use of the exposed keys to determine the extent of the exposure. The company enabled AWS CloudTrail in all regions when it opened the account.
Which of the following will allow the Security Engineer to complete the task?

  • A. Filter the event history on the exposed access key in the CloudTrail console. Examine the data from the past 11 days.
  • B. Use the AWS CLI to generate an IAM credential report. Extract all the data from the past 11 days.
  • C. Use Amazon Athena to query the CloudTrail logs from Amazon S3. Retrieve the rows for the exposed access key for the past 11 days.
  • D. Use the Access Advisor tab in the IAM console to view all of the access key activity for the past 11 days.
Suggested Answer: A
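The task in the question is the same whichever answer you pick: pull every CloudTrail record whose userIdentity.accessKeyId matches the exposed key, bounded by a time window, and reduce it to what an incident write-up needs (first and last use, source IPs, regions, which APIs were called, how many calls were denied). The script below is an added example, not code from the question page or from AWS. It applies that filter to the Records array of a CloudTrail log file (constructed sample records; AKIAIOSFODNN7EXAMPLE and AKIAI44QH8DHBEXAMPLE are AWS's documented placeholder key IDs), which is what the Event history "AWS access key" filter in option A does server-side, and it also emits the equivalent Athena query for option C. The Athena table name cloudtrail_logs is an assumption; use whatever name you gave the table created from the CloudTrail console's "Create Athena table" template.

```python
"""Review every CloudTrail record produced with an exposed access key.

Added example: filters a CloudTrail log file's Records array by
userIdentity.accessKeyId within a time window (what the Event history
filter on "AWS access key" does) and builds the equivalent Athena SQL.
"""
import json
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# AWS's documented placeholder key ID, not a real credential.
EXPOSED_KEY = "AKIAIOSFODNN7EXAMPLE"
# Fixed "now" so the constructed sample below is reproducible.
NOW = datetime(2024, 3, 12, tzinfo=timezone.utc)


def _rec(days_ago, source, name, region, ip, key, error=None):
    """Build one record in CloudTrail's log-file shape (constructed sample)."""
    t = NOW - timedelta(days=days_ago)
    r = {
        "eventTime": t.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "eventSource": source,
        "eventName": name,
        "awsRegion": region,
        "sourceIPAddress": ip,
        "userIdentity": {"type": "IAMUser", "userName": "ci-deploy", "accessKeyId": key},
    }
    if error:
        r["errorCode"] = error
    return r


# Constructed sample log: legitimate use 12 days ago from 203.0.113.10, then
# use of the exposed key from 198.51.100.7, including a denied IAM call and
# an EC2 launch in a region the account does not normally use.
SAMPLE_LOG = json.dumps({"Records": [
    _rec(12, "sts.amazonaws.com", "GetCallerIdentity", "us-east-1", "203.0.113.10", EXPOSED_KEY),
    _rec(10, "sts.amazonaws.com", "GetCallerIdentity", "us-east-1", "198.51.100.7", EXPOSED_KEY),
    _rec(9, "iam.amazonaws.com", "ListUsers", "us-east-1", "198.51.100.7", EXPOSED_KEY, "AccessDenied"),
    _rec(8, "ec2.amazonaws.com", "RunInstances", "ap-southeast-1", "198.51.100.7", EXPOSED_KEY),
    _rec(5, "s3.amazonaws.com", "ListBuckets", "us-east-1", "203.0.113.10", "AKIAI44QH8DHBEXAMPLE"),
    _rec(2, "s3.amazonaws.com", "ListBuckets", "us-east-1", "198.51.100.7", EXPOSED_KEY),
]})


def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def key_activity(log_json, access_key, days=11, now=NOW):
    """Records made with access_key during the last `days` days, oldest first."""
    since = now - timedelta(days=days)
    hits = []
    for r in json.loads(log_json)["Records"]:
        if r.get("userIdentity", {}).get("accessKeyId") != access_key:
            continue
        if parse_time(r["eventTime"]) < since:
            continue
        hits.append(r)
    return sorted(hits, key=lambda r: r["eventTime"])


def summarize(records):
    """The facts an incident write-up needs about the key's use."""
    return {
        "count": len(records),
        "first_seen": records[0]["eventTime"] if records else None,
        "last_seen": records[-1]["eventTime"] if records else None,
        "source_ips": sorted({r["sourceIPAddress"] for r in records}),
        "regions": sorted({r["awsRegion"] for r in records}),
        "calls": Counter(f'{r["eventSource"]}:{r["eventName"]}' for r in records),
        "denied": sum(1 for r in records if r.get("errorCode") == "AccessDenied"),
    }


def athena_query(access_key, days=11, now=NOW, table="cloudtrail_logs"):
    """Equivalent query for option C. `table` is an assumed name for the table
    created from the CloudTrail console's Athena template, whose eventtime
    column is an ISO-8601 string, so string comparison orders correctly."""
    # The key is interpolated into SQL, so refuse anything that is not a key ID.
    if not re.fullmatch(r"[A-Za-z0-9]{16,128}", access_key):
        raise ValueError("not an access key ID")
    since = (now - timedelta(days=days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        "SELECT eventtime, eventsource, eventname, awsregion, sourceipaddress, errorcode "
        f"FROM {table} WHERE useridentity.accesskeyid = '{access_key}' "
        f"AND eventtime >= '{since}' ORDER BY eventtime"
    )


if __name__ == "__main__":
    hits = key_activity(SAMPLE_LOG, EXPOSED_KEY)
    for r in hits:
        print(r["eventTime"], r["awsRegion"], r["sourceIPAddress"],
              r["eventSource"], r["eventName"], r.get("errorCode", ""))
    print(json.dumps(summarize(hits), indent=2))
    print(athena_query(EXPOSED_KEY))
```

Two caveats the script makes visible. The question says the company became aware of the exposure 11 days ago, not that the key was exposed 11 days ago, so widen `days` (the sample's 12-day-old record drops out at 11 days and reappears at 13) until the first hit is clearly legitimate use. And Event history covers management events for 90 days only; if the key was used for S3 object or Lambda data-plane calls, those appear only in a trail that logs data events, which is where the Athena route earns its keep.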

Comments

saptati
Highly Voted 3 years, 8 months ago
The following AWS blog post suggests using CloudTrail for exposed IAM access key API activity. To identify AWS API activity older than 90 days, use Athena. Hence, A is the right answer. https://aws.amazon.com/premiumsupport/knowledge-center/cloudtrail-search-for-activity/
upvoted 28 times
sapien45
2 years, 11 months ago
Link is great. CloudTrail Event history is the answer indeed, but to identify AWS API activity older than 90 days, use CloudWatch Logs, says the blog. A
upvoted 1 times
PeppaPig
Highly Voted 3 years, 9 months ago
C is the right answer
upvoted 7 times
satbim
3 years, 9 months ago
Because of multi-region, you said, but IAM is global.
upvoted 2 times
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: A
A is the correct answer. CloudTrail is enabled, but there is no indication that a trail with an S3 bucket as its destination was created.
upvoted 2 times
RosenYordanov
1 year, 7 months ago
Selected Answer: C
C. Use Amazon Athena to query the CloudTrail logs from Amazon S3. Retrieve the rows for the exposed access key for the past 11 days.
Explanation:
CloudTrail logs: AWS CloudTrail records API calls made on your account. It stores these logs in an Amazon S3 bucket, which can be queried.
Amazon Athena: Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. You can use Athena to query the CloudTrail logs stored in S3.
Query CloudTrail logs: By using Amazon Athena, the Security Engineer can execute SQL queries to filter and analyze the CloudTrail logs specific to the exposed access key for the past 11 days.
upvoted 1 times
ITGURU51
2 years, 2 months ago
https://repost.aws/knowledge-center/view-iam-history (Answer: A)
upvoted 1 times
Vamshi_Munugala
2 years, 3 months ago
C is the answer, and here is why! You can use the CloudTrail console to get the logs for the last 90 days, but you will only get the management events and not the data events. To get the complete picture of what was done using the access keys, C is the ideal option. Athena is used not only if the logs are 90 or more days old but also when the event in question is a data event.
upvoted 1 times
Fyssy
2 years, 7 months ago
Selected Answer: A
The question focuses on cost optimization. Athena has additional cost compared to just querying Event history.
upvoted 1 times
MoreOps
3 years, 2 months ago
Selected Answer: A
Duplicate question, A is the answer.
upvoted 1 times
Radhaghosh
3 years, 5 months ago
Option A is the correct option. CloudTrail will store 90 days of history.
upvoted 1 times
sam_live
3 years, 5 months ago
Selected Answer: A
Anyone confused: just go to the CloudTrail console and try option A.
upvoted 2 times
network_zeal
3 years, 5 months ago
A is correct. C is possible, but that assumes a trail was already set up beforehand (in this case more than 11 days ago) to send CloudTrail data to S3. Also, the credential report will report on the last usage of a key but not provide a list of every access.
upvoted 2 times
nparimi
3 years, 8 months ago
A. Seems to be an old question. The CloudTrail Event history default was previously 7 days; now it's 90 days. With the old default, C could make more sense.
upvoted 5 times
Samoanhulk
3 years, 8 months ago
A is correct
upvoted 2 times
Ayusef
3 years, 8 months ago
It's A. The website given explains the whole process.
upvoted 2 times
sanjaym
3 years, 8 months ago
A for sure
upvoted 3 times
Hungdv
3 years, 8 months ago
Answer should be A
upvoted 3 times
Sitender
3 years, 8 months ago
Athena is needed to check logs older than 90 days. So there is no need for Athena here.
upvoted 1 times
honey39
3 years, 8 months ago
True, but it does not mean that Athena should only be used past 90 days.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other