Q62 — AWS SAA-C03 Ch.4
Q257. An IAM user made several configuration changes to AWS resources in their company's account during a production deployment last week. A solutions architect learned that a couple of security group rules are not configured as desired. The solutions architect wants to confirm which IAM user was responsible for making changes. Which service should the solutions architect use to find the desired information?
- A. Amazon GuardDuty
- B. Amazon Inspector
- C. AWS CloudTrail ✓
- D. AWS Config
Correct Answer: C. AWS CloudTrail
Explanation
AWS CloudTrail records the API calls made in an AWS account, including the identity that made each call, the time of the call, the source of the request, and the parameters passed to the API. To find the IAM user who made the configuration changes, the solutions architect reviews the CloudTrail audit logs for the deployment's time frame and for the API calls that modify security group rules; each matching event names the IAM user who made it and shows what was changed. Option C is therefore the correct answer.

Option A suggests Amazon GuardDuty, a threat detection service that continuously monitors an AWS account for malicious activity and unauthorized behavior. While GuardDuty can help detect unauthorized changes, it does not provide detailed information about who made them.

Option B suggests Amazon Inspector, an automated security assessment service that helps improve the security and compliance of applications deployed on EC2 instances. While Inspector can provide insight into an application's security posture, it does not report who made configuration changes.

Option D suggests AWS Config, a service that keeps a detailed inventory of AWS resources and their configurations over time. While Config shows how a resource's configuration changed, it may not provide detailed information about who made the change.

By searching the CloudTrail logs for the relevant time frame and API calls, the solutions architect can identify the IAM user who made the changes and investigate further if needed, which meets the requirements stated in the question.
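As an added illustration of the search described above (example code written for this page, not from the question bank or from AWS), the following filters CloudTrail-format log records for the EC2 API calls that alter security group rules within a time window and reports the identity recorded on each. The events, account id, ARNs, IP addresses and security group id are constructed placeholders.

```python
import json
from datetime import datetime

# EC2 API calls that change security group rules (real CloudTrail eventName values).
SG_RULE_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "ModifySecurityGroupRules",
}

# Constructed sample events in CloudTrail's JSON log shape (a "Records" list);
# the account id, ARNs, IPs and group id are placeholders, not a real trail.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-03-04T10:15:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "deploy-alice",
                      "arn": "arn:aws:iam::111122223333:user/deploy-alice"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0"}},
    {"eventTime": "2024-03-04T10:16:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeSecurityGroups", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "deploy-alice",
                      "arn": "arn:aws:iam::111122223333:user/deploy-alice"},
     "requestParameters": {}},
    {"eventTime": "2024-03-04T11:02:10Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RevokeSecurityGroupEgress", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/CICD/build-42"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0"}},
]})

def _ts(s):
    # CloudTrail eventTime is UTC in this fixed ISO 8601 form.
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def sg_rule_changes(trail_json, start_iso, end_iso):
    """Rule changes within [start_iso, end_iso] as (time, actor ARN, event, groupId, sourceIP)."""
    start, end = _ts(start_iso), _ts(end_iso)
    hits = []
    for rec in json.loads(trail_json)["Records"]:
        if not (start <= _ts(rec["eventTime"]) <= end):
            continue
        # Read-only calls such as DescribeSecurityGroups are not changes.
        if rec["eventSource"] != "ec2.amazonaws.com" or rec["eventName"] not in SG_RULE_EVENTS:
            continue
        hits.append((rec["eventTime"], rec["userIdentity"]["arn"], rec["eventName"],
                     rec["requestParameters"].get("groupId"), rec["sourceIPAddress"]))
    return hits

if __name__ == "__main__":
    for hit in sg_rule_changes(SAMPLE_TRAIL, "2024-03-04T00:00:00Z", "2024-03-05T00:00:00Z"):
        print(*hit)
```

The same filter applied to a real trail (or to CloudTrail Lake / Athena queries over the S3 log bucket) distinguishes the IAM user's direct change from a change made through an assumed role, which is why the actor ARN rather than only userName is reported.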