Which RQL query is used to detect certain high-risk activities executed by a root user in AWS?
A.
event from cloud.audit_logs where operation IN ( 'ChangePassword', 'ConsoleLogin', 'DeactivateMFADevice', 'DeleteAccessKey' , 'DeleteAlarms' ) AND user = 'root'
B.
event from cloud.security_logs where operation IN ( 'ChangePassword', 'ConsoleLogin', 'DeactivateMFADevice', 'DeleteAccessKey' , 'DeleteAlarms' ) AND user = 'root'
C.
config from cloud.audit_logs where operation IN ( 'ChangePassword', 'ConsoleLogin', 'DeactivateMFADevice', 'DeleteAccessKey', 'DeleteAlarms' ) AND user = 'root'
D.
event from cloud.audit_logs where Risk.Level = 'high' AND user = 'root'
A
https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/event-query/event-query-examples
https://docs.prismacloud.io/en/classic/rql-reference/rql-reference/event-query/event-query-examples#idda895fd2-4496-4b31-9766-7d50215dcc18
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.PCCSE Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
piipo
8 months, 1 week agostock28_CA
11 months, 2 weeks ago