Amazon Exam SCS-C01 Topic 1 Question 44 Discussion

Actual exam question for Amazon's SCS-C01 exam

Question #: 44
Topic #: 1

A company became aware that one of its access keys was exposed on a code sharing website 11 days ago. A Security Engineer must review all use of the exposed access keys to determine the extent of the exposure. The company enabled IAM CloudTrail m an regions when it opened the account

Which of the following will allow (he Security Engineer 10 complete the task?

AFilter the event history on the exposed access key in the CloudTrail console Examine the data from the past 11 days.

BUse the IAM CLI lo generate an IAM credential report Extract all the data from the past 11 days.

CUse Amazon Athena to query the CloudTrail logs from Amazon S3 Retrieve the rows for the exposed access key tor the past 11 days.

DUse the Access Advisor tab in the IAM console to view all of the access key activity for the past 11 days.

Show Suggested Answer

Suggested Answer: C

The AWS documentation states that you can create an Amazon EventBridge rule to detect KMS API calls of DisableKey and ScheduleKeyDeletion. You can then create an AWS Lambda function to send an Amazon Simple Notification Service (Amazon SNS) message to the company. You can add the Lambda function as the target of the EventBridge rule. This method will meet the requirements.

by Arlette at Jul 06, 2023, 11:09 AM

Limited Time Offer

25%

Off

Get Premium SCS-C01 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!