AWS Certified Security – Specialty — Question 180
A company's security engineer has been asked to monitor and report all AWS account root user activities.
Which of the following would enable the security engineer to monitor and report all root user activities? (Choose two.)
Answer options
- A. Configuring AWS Organizations to monitor root user API calls on the paying account
- B. Creating an Amazon CloudWatch Events rule that will trigger when any API call from the root user is reported
- C. Configuring Amazon Inspector to scan the AWS account for any root user activity
- D. Configuring AWS Trusted Advisor to send an email to the security team when the root user logs in to the console
- E. Using Amazon SNS to notify the target group
Correct answer: B, E
Explanation
The correct answers are B and E. An Amazon CloudWatch Events rule that triggers on any API call made by the root user provides the monitoring and enables prompt reporting. Amazon SNS complements the rule by sending a notification to the target group whenever such an event occurs. The other options either do not provide real-time monitoring or are not designed to track root user activities effectively.