Which of the following will allow the Security Engineer to complete the task?

By:
On:
In: SCS-C01
Tagged:
With: 0 Comments
A company became aware that one of its access keys was exposed on a code sharing website 11 days ago.A Security Engineer must review all use of the exposed keys to determine the extent of the exposure.The company enabled AWS CloudTrail in all regions when it opened the account.

Which of the following will allow the Security Engineer to complete the task?

Filter the event history on the exposed access key in the CloudTrail console. Examine the data from the past 11 days.

Use the AWS CLI to generate an IAM credential report. Extract all the data from the past 11 days.

Use Amazon Athena to query the CloudTrail logs from Amazon S3. Retrieve the rows for the exposed access key for the past 11 days.

Use the Access Advisor tab in the IAM console to view all of the access key activity for the past 11 days.

Explanations:

CloudTrail logs all API activity, and filtering event history on the exposed access key in the CloudTrail console will allow the Security Engineer to identify all actions performed using the key over the past 11 days.

IAM credential reports provide details on users, groups, and permissions, but they do not provide specific information about the use of access keys over time. They cannot be filtered by time or key usage like CloudTrail.

Amazon Athena is used to query CloudTrail logs stored in Amazon S3, but the logs themselves are not automatically stored in S3 unless configured. The question does not state that logs were stored in S3, so this method is not applicable.

The Access Advisor tab shows which services a user has accessed, but it does not show detailed historical activity of specific access keys over time. It provides a snapshot of permissions, not access key usage history.

Leave a Reply

Your email address will not be published. Required fields are marked *

3 × 5 =