Topic 1
Question #30
A Security Administrator is performing a log analysis as a result of a suspected AWS account compromise. The Administrator wants to analyze suspicious AWS CloudTrail log files but is overwhelmed by the volume of audit logs being generated.
What approach enables the Administrator to search through the logs MOST efficiently?
A. Implement a "write-only" CloudTrail event filter to detect any modifications to the AWS account resources.
B. Configure Amazon Macie to classify and discover sensitive data in the Amazon S3 bucket that contains the CloudTrail audit logs.
C. Configure Amazon Athena to read from the CloudTrail S3 bucket and query the logs to examine account activities.
D. Enable Amazon S3 event notifications to trigger an AWS Lambda function that sends an email alarm when there are new CloudTrail API entries.
Correct Answer:
C
Reference:
https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html
Topic 1
Question #31
During a recent security audit, it was discovered that multiple teams in a large organization have placed restricted data in multiple Amazon S3 buckets, and the data may have been exposed. The auditor has requested that the organization identify all possible objects that contain personally identifiable information (PII) and then determine whether this information has been accessed.
What solution will allow the Security team to complete this request?
A. Using Amazon Athena, query the impacted S3 buckets by using the PII query identifier function. Then, create a new Amazon CloudWatch metric for Amazon S3 object access to alert when the objects are accessed.
B. Enable Amazon Macie on the S3 buckets that were impacted, then perform data classification. For identified objects that contain PII, use the research function for auditing AWS CloudTrail logs and S3 bucket logs for GET operations.
C. Enable Amazon GuardDuty and enable the PII rule set on the S3 buckets that were impacted, then perform data classification. Using the PII findings report from GuardDuty, query the S3 bucket logs by using Athena for GET operations.
D. Enable Amazon Inspector on the S3 buckets that were impacted, then perform data classification. For identified objects that contain PII, query the S3 bucket logs by using Athena for GET operations.
Correct Answer:
B