AWS Certified Security – Specialty — Question 23
The Security team believes that a former employee may have gained unauthorized access to AWS resources sometime in the past 3 months by using an identified access key.
What approach would enable the Security team to find out what the former employee may have done within AWS?
Answer options
- A. Use the AWS CloudTrail console to search for user activity.
- B. Use the Amazon CloudWatch Logs console to filter CloudTrail data by user.
- C. Use AWS Config to see what actions were taken by the user.
- D. Use Amazon Athena to query CloudTrail logs stored in Amazon S3.
Correct answer: A
Explanation
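The correct answer is A because the AWS CloudTrail console provides a comprehensive view of API activity across the AWS account, which makes it well suited to auditing user actions. Its Event history covers the past 90 days of management events and can be filtered by AWS access key, which fits the identified key and the 3-month window in the question. The other options, while useful in certain contexts, do not provide the same level of direct insight into user activity as CloudTrail does.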