AWS Certified SysOps Administrator – Associate (legacy) — Question 68
An organization has hired an external firm to audit unauthorized changes in the company's AWS environment. The external auditor needs appropriate access.
How can this be accomplished?
Answer options
- A. Create an IAM user and assign them a new policy with GetResources access on AWS Artifact
- B. Create an IAM user and add them to the existing "Administrator" IAM group
- C. Create an IAM user and assign them a new IAM policy with read access to the AWS CloudTrail logs in Amazon S3
- D. Create an IAM user and assign them a new policy with ListFindings access on Amazon Inspector
Correct answer: C
Explanation
The correct answer is C: read access to the AWS CloudTrail logs in Amazon S3 allows the auditor to review all changes made in the environment, which is essential for auditing unauthorized changes. Option A is incorrect because GetResources access on AWS Artifact does not provide the necessary visibility into CloudTrail logs. Option B gives too much access through the Administrator group, which is not appropriate for an external auditor. Option D is also incorrect because ListFindings access on Amazon Inspector does not relate to auditing changes in the AWS environment.