AWS Certified Cloud Practitioner — Question 934
A user needs to determine whether an Amazon EC2 instance's security groups were modified in the last month.
How can the user see if a change was made?
Answer options
- A. Use Amazon EC2 to see if the security group was changed.
- B. Use AWS Identity and Access Management (IAM) to see which user or role changed the security group.
- C. Use AWS CloudTrail to see if the security group was changed.
- D. Use Amazon CloudWatch to see if the security group was changed.
Correct answer: C
Explanation
AWS CloudTrail records and monitors API activity across an AWS account, making it the ideal service for tracking historical modifications to Amazon EC2 security groups. Amazon EC2 shows only the current configuration state, not a historical audit log, and IAM is used for access management rather than resource auditing. Amazon CloudWatch is designed for performance metrics and application logs, not for tracking API-driven infrastructure changes.