AWS Certified SysOps Administrator – Associate (legacy) — Question 753

A SysOps Administrator must generate a report that provides a breakdown of all API activity by a specific user over the course of a year. AWS CloudTrail has already been enabled.
How should this report be generated?

Answer options

• A. Use the AWS Management Console to search for the user name in the CloudTrail history. Filter by API and download the report in CSV format.
• B. Use the CloudTrail digest files stored in the company's Amazon S3 bucket. Send the logs to Amazon QuickSight to create the report.
• C. Locate the monthly reports that CloudTrail sends that are emailed to the account's root user. Forward the reports to the auditor using a secure channel.
• D. Access the CloudTrail logs stored in the Amazon S3 bucket tied to CloudTrail. Use Amazon Athena to extract the information needed to generate the report.

Correct answer: D

Explanation

CloudTrail event history in the AWS Management Console only retains data for up to 90 days, making Option A insufficient for a full year of data. By storing CloudTrail logs in an Amazon S3 bucket, administrators can retain data indefinitely and use Amazon Athena to run SQL queries to extract a complete year of API activity for a specific user. Option B is incorrect because digest files are used for log file integrity validation, and Option C is incorrect as AWS does not email monthly CloudTrail reports.