AWS Certified SysOps Administrator – Associate (legacy) — Question 539

A SysOps Administrator needs to monitor all the object upload and download activity of a single Amazon S3 bucket. Monitoring must include tracking the AWS account of the caller, the IAM user role of the caller, the time of the API call, and the IP address of the API.
Where can the Administrator find this information?

Answer options

• A. AWS CloudTrail data event logging
• B. AWS CloudTrail management event logging
• C. Amazon Inspector bucket event logging
• D. Amazon Inspector user event logging

Correct answer: A

Explanation

AWS CloudTrail data events capture detailed resource-level operations, such as Amazon S3 object-level APIs (GetObject and PutObject), which include requester identity, timestamp, and IP address. In contrast, management events only track control plane operations like bucket creation or modification. Amazon Inspector is a vulnerability management service and does not provide S3 API access logging.