AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 166

You are auditing an AWS infrastructure after you noticed some abnormal charges on the bill. You use AWS Config to monitor your changes. What else is required to find out who made the change?

Answer options

• A. There is no information to find this. You will need to sign up for Config Premium.
• B. Use the eventID of the change and reference it with your Flow Logs.
• C. Use the eventId of the change and reference it with CloudTrail to find the culprit.
• D. Use the eventID of the change and reference it with CloudWatch to find the culprit.

Correct answer: C

Explanation

The correct answer is C because AWS CloudTrail logs API calls made in your AWS account, allowing you to trace changes back to the user or service that initiated them. Options A and D do not provide the necessary functionality to track changes back to a user, while option B incorrectly suggests using Flow Logs, which are primarily for monitoring network traffic, not API actions.