A SysOps administrator must manage the security of an AWS account. Recently, an IAM user’s access key was mistakenly uploaded to a public code repository. The SysOps administrator must identify anything that was changed by using this access key. How should the SysOps administrator meet these requirements?

Topic #: - All AWS Certified SysOps Administrator - Associate Questions

A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to send all IAM events to an AWS Lambda function for analysis.
B. Query Amazon EC2 logs by using Amazon CloudWatch Logs Insights for all events initiated with the compromised access key within the suspected timeframe.
C. Search AWS CloudTrail event history for all events initiated with the compromised access key within the suspected timeframe.
D. Search VPC Flow Logs for all events initiated with the compromised access key within the suspected timeframe.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion