AWS Certified Security – Specialty — Question 507
An employee accidentally exposed an AWS access key and secret access key during a public presentation. The company Security Engineer immediately disabled the key.
How can the Engineer assess the impact of the key exposure and ensure that the credentials were not misused? (Choose two.)
Answer options
- A. Analyze AWS CloudTrail for activity.
- B. Analyze Amazon CloudWatch Logs for activity.
- C. Download and analyze the IAM Use report from AWS Trusted Advisor.
- D. Analyze the resource inventory in AWS Config for IAM user activity.
- E. Download and analyze a credential report from IAM.
Correct answer: A, E
Explanation
AWS CloudTrail is the primary service for auditing API activity; it lets the engineer see exactly which API calls were made with the exposed access key, from which source IP addresses, and when. Additionally, downloading an IAM credential report provides the timestamp, service and region of each access key's last use, helping to determine whether the key was used after the exposure. Other services such as CloudWatch Logs, Trusted Advisor, and AWS Config do not provide direct, comprehensive logs of a specific IAM access key's usage and API history.
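An offline version of the triage the explanation describes, added here as an example and not part of the original question: it filters CloudTrail records (shaped like `aws cloudtrail lookup-events` output) for calls made with the exposed key after the exposure time, and reads the IAM credential report CSV for keys whose last-used timestamp is later than the exposure. The key id, exposure time and sample records are constructed placeholders, and the report columns are a subset of the real ones.

```python
import csv
import io
import json
from datetime import datetime, timezone

# Placeholder key id and an assumed exposure time (when the presentation happened).
EXPOSED_KEY = "AKIAEXAMPLEEXPOSED01"
EXPOSURE_TIME = datetime(2024, 3, 10, 14, 0, tzinfo=timezone.utc)

def parse_time(value):
    """Parse the ISO 8601 timestamps CloudTrail and the credential report emit; None if unused."""
    if value in ("N/A", "no_information", ""):
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def calls_with_key_after(events, key_id, since):
    """CloudTrail events made with key_id after `since`, as (time, API name, source IP), oldest first."""
    hits = []
    for ev in events:
        if ev.get("AccessKeyId") != key_id:
            continue
        when = parse_time(ev["EventTime"])
        if when is None or when <= since:
            continue
        detail = json.loads(ev.get("CloudTrailEvent", "{}"))  # raw record holds the caller IP
        hits.append((when, ev["EventName"], detail.get("sourceIPAddress")))
    return sorted(hits)

def keys_used_after(report_csv, since):
    """From a credential report, (user, key slot, last used) for keys used after `since`."""
    out = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("access_key_1", "access_key_2"):
            last = parse_time(row.get(f"{slot}_last_used_date", "N/A"))
            if last is not None and last > since:
                out.append((row["user"], slot, last))
    return out

# Constructed samples: lookup-events style records and a subset of credential report columns.
SAMPLE_EVENTS = [
    {"EventTime": "2024-03-10T09:15:00Z", "EventName": "ListBuckets", "AccessKeyId": EXPOSED_KEY,
     "CloudTrailEvent": json.dumps({"sourceIPAddress": "203.0.113.5"})},
    {"EventTime": "2024-03-10T14:42:10Z", "EventName": "GetCallerIdentity", "AccessKeyId": EXPOSED_KEY,
     "CloudTrailEvent": json.dumps({"sourceIPAddress": "198.51.100.77"})},
    {"EventTime": "2024-03-10T14:43:00Z", "EventName": "DescribeInstances", "AccessKeyId": "AKIAEXAMPLEOTHERKEY0",
     "CloudTrailEvent": json.dumps({"sourceIPAddress": "203.0.113.5"})},
]
SAMPLE_REPORT = ("user,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date\n"
                 "alice,false,2024-03-10T14:42:10+00:00,false,N/A\n"
                 "bob,true,2024-03-09T08:00:00+00:00,false,N/A\n")
```

The credential report identifies keys only by user and slot, not by key id, so the CloudTrail filter is what ties a post-exposure call to the specific exposed key; an unfamiliar source IP on such a call is the signal to escalate.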