AWS Certified Security – Specialty — Question 35
A Security Engineer must design a solution that enables the Incident Response team to audit changes to a user's IAM permissions in the event of a security incident.
How can this be accomplished?
Answer options
- A. Use AWS Config to review the IAM policy assigned to users before and after the incident.
- B. Run the GenerateCredentialReport via the AWS CLI, and copy the output to Amazon S3 daily for auditing purposes.
- C. Copy AWS CloudFormation templates to S3, and audit for changes from the template.
- D. Use Amazon EC2 Systems Manager to deploy images, and review AWS CloudTrail logs for changes.
Correct answer: A
Explanation
The correct answer is A because AWS Config allows for tracking and auditing changes to IAM policies over time, which is essential during a security incident. Option B, while useful for generating reports, does not provide a direct method for auditing changes to IAM permissions specifically. Options C and D do not address IAM permissions directly, making them inappropriate for the incident response team's needs.