Q17 — AWS SCS-C02 Ch.1

Question 17 of 100 | ← Chapter 1

A company discovers a billing anomaly in its AWS account. A security consultant investigates the anomaly and discovers that an employee who left the company 30 days ago still has access to the account. The company has not monitored account activity in the past.  The security consultant needs to determine which resources have been deployed or recongured by the employee as quickly as possible.  Which solution will meet these requirements?

Correct Answer: C. In AWS CloudTrail, lter the event history to display results from the past 30 days. Create an Amazon Athena table that contains the data. Partition the table by event source.

Explanation

AWS CloudTrail 记录了账户的 API 活动,包括用户操作和资源变更事件。通过筛选最近 30 天的事件历史,可以追溯离职员工的具体操作。结合 Amazon Athena 对 CloudTrail 日志进行查询与分析,能够快速识别被修改或部署的资源。其他选项如 Cost Explorer(成本数据聚合)、Cost Anomaly Detection(费用异常告警)、Audit Manager(合规评估)均无法直接关联到具体用户操作事件的追踪与分析。选项 C 直接利用操作日志与查询工具的组合,符合问题中“快速确定资源变更”的核心需求。参考 AWS 文档中关于 CloudTrail 事件历史与 Athena 集成分析的操作场景。