Q95 — AWS DVA-C02 Ch.2
A company has an Amazon RDS for MySQL database instance named mysql-db. This database instance was deleted 90 days ago. Developers need to identify the IAM user or role that deleted this database instance in the AWS environment. Which solution provides this information?
- A. Retrieve AWS CloudTrail events for the mysql-db resource where the event name is DeleteDBInstance. Examine each event. ✓
- B. Retrieve Amazon CloudWatch Logs events from the latest log stream of the rds/mysql-db log group. Examine the log events.
- C. Retrieve AWS X-Ray trace summaries. Filter by service name mysql-db. Examine the ErrorRootCauses value in each summary.
- D. Retrieve the AWS Systems Manager deletion inventory. Filter by TypeName value RDS for deleted items. Examine the deletion details.
Correct Answer: A. Retrieve AWS CloudTrail events for the mysql-db resource where the event name is DeleteDBInstance. Examine each event.
Explanation
- Option A: AWS CloudTrail records all API calls made to AWS resources, including database instance deletion events. By retrieving CloudTrail events and filtering for those with event name DeleteDBInstance, you can determine who deleted the mysql-db database instance and when.
- Option B: CloudWatch Logs groups typically store application logs, not detailed information about resource deletion operations. CloudWatch Logs do not record IAM user or role information associated with resource deletion.
- Option C: AWS X-Ray is used for distributed tracing and application debugging, not for recording or tracking AWS resource deletion events. X-Ray focuses on request performance issues, not IAM operation logging.
- Option D: The AWS Systems Manager deletion inventory is a record of deletion operations but is primarily used for inventory and configuration management, not detailed operational logging. It does not include IAM user or role information for deletion actions.

Therefore, Option A is the correct solution because CloudTrail provides detailed event logs capturing who performed the deletion and other relevant metadata.