How can this be achieved?

Posted by: Pdfprep Category: SCS-C01

You work as an administrator for a company. The company hosts a number of resources using AWS. There was an incident of suspicious API activity which occurred 11 days ago. The Security Admin has asked for the API activity from that point in time.

How can this be achieved?
A. Search the CloudWatch logs to find the suspicious activity which occurred 11 days ago.
B. Search the CloudTrail event history for the API events which occurred 11 days ago.
C. Search the CloudWatch metrics to find the suspicious activity which occurred 11 days ago.
D. Use AWS Config to get the API calls which were made 11 days ago.

Answer: B

Explanation:

The CloudTrail event history lets you view events recorded over the past 90 days. So one can use a metric filter to gather the API calls from 11 days ago.

Options A and C are invalid because CloudWatch is used for logging and not for monitoring API activity.

Option D is invalid because AWS Config is a configuration service and not for monitoring API activity.

For more information on AWS CloudTrail, please visit the following URL: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html

Note:

In this question we assume that the customer has enabled the CloudTrail service.

AWS CloudTrail is enabled by default for ALL CUSTOMERS and will provide visibility into the past seven days of account activity without the need for you to configure a trail in the service to get started. So for an activity that happened 11 days ago to be stored in CloudTrail, we need to configure the trail manually to ensure that it is stored in the event history.

• https://aws.amazon.com/blogs/aws/new-amazon-web-services-extends-cloudtrail-to-all-aws-customers/

The correct answer is: Search the CloudTrail event history for the API events which occurred 11 days ago.
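The search in answer B, as an added example that is not part of the original post: it pages through CloudTrail event history with boto3's `lookup_events` paginator for the day 11 days back, and rejects a window older than the 90 days the explanation cites. The function names, the one-day window and the optional event-name filter are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

EVENT_HISTORY_DAYS = 90  # retention figure taken from the explanation above


def incident_window(days_ago, now=None, span_days=1):
    """Return (start, end) in UTC covering the calendar day `days_ago` days back."""
    now = now or datetime.now(timezone.utc)
    start = (now - timedelta(days=days_ago)).replace(
        hour=0, minute=0, second=0, microsecond=0)
    if start < now - timedelta(days=EVENT_HISTORY_DAYS):
        # Event history no longer holds it; the trail's S3 logs are the only source.
        raise ValueError("window is older than CloudTrail event history retention")
    return start, min(start + timedelta(days=span_days), now)


def lookup_api_activity(start, end, event_name=None, client=None):
    """List (time, user, event, source) tuples from event history in [start, end]."""
    if client is None:
        import boto3  # lazy import: the window logic above works without the SDK
        client = boto3.client("cloudtrail")  # event history is queried per Region
    kwargs = {"StartTime": start, "EndTime": end}
    if event_name:  # hypothetical narrowing once a suspect API call is known
        kwargs["LookupAttributes"] = [
            {"AttributeKey": "EventName", "AttributeValue": event_name}]
    rows = []
    for page in client.get_paginator("lookup_events").paginate(**kwargs):
        for ev in page["Events"]:
            rows.append((ev["EventTime"], ev.get("Username"),
                         ev["EventName"], ev.get("EventSource")))
    return rows


if __name__ == "__main__":
    # Needs AWS credentials with cloudtrail:LookupEvents in the Region to search.
    start, end = incident_window(11)
    for row in lookup_api_activity(start, end):
        print(*row, sep="\t")
```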
