Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 21 discussion

A company has a legacy application that runs on a single Amazon EC2 instance. A security audit shows that the application has been using an IAM access key within its code to access an Amazon S3 bucket that is named DOC-EXAMPLE-BUCKET1 in the same AWS account. This access key pair has the s3:GetObject permission to all objects in only this S3 bucket. The company takes the application offline because the application is not compliant with the company’s security policies for accessing other AWS resources from Amazon EC2.
A security engineer validates that AWS CloudTrail is turned on in all AWS Regions. CloudTrail is sending logs to an S3 bucket that is named DOC-EXAMPLE-BUCKET2. This S3 bucket is in the same AWS account as DOC-EXAMPLE-BUCKET1. However, CloudTrail has not been configured to send logs to Amazon CloudWatch Logs.
The company wants to know if any objects in DOC-EXAMPLE-BUCKET1 were accessed with the IAM access key in the past 60 days. If any objects were accessed, the company wants to know if any of the objects that are text files (.txt extension) contained personally identifiable information (PII).
Which combination of steps should the security engineer take to gather this information? (Choose two.)

  • A. Use Amazon CloudWatch Logs Insights to identify any objects in DOC-EXAMPLE-BUCKET1 that contain PII and that were available to the access key.
  • B. Use Amazon OpenSearch Service to query the CloudTrail logs in DOC-EXAMPLE-BUCKET2 for API calls that used the access key to access an object that contained PII.
  • C. Use Amazon Athena to query the CloudTrail logs in DOC-EXAMPLE-BUCKET2 for any API calls that used the access key to access an object that contained PII.
  • D. Use AWS Identity and Access Management Access Analyzer to identify any API calls that used the access key to access objects that contained PII in DOC-EXAMPLE-BUCKET1.
  • E. Configure Amazon Macie to identify any objects in DOC-EXAMPLE-BUCKET1 that contain PII and that were available to the access key.
Suggested Answer: CE
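As an added example (not part of the ExamTopics page or the discussion), this is what option C looks like in practice: an Athena table over the CloudTrail trail in DOC-EXAMPLE-BUCKET2 and a query for reads of DOC-EXAMPLE-BUCKET1 by the access key in the last 60 days, whose result is the list of .txt objects to hand to Macie for option E. The table name `cloudtrail_logs`, the account ID `123456789012` and the access key `AKIAEXAMPLEKEY00000` are placeholders, and the example assumes S3 data-event logging was enabled on the trail; without it GetObject calls are never written to CloudTrail and no query can find them.

```sql
-- Added example, not from the original page. Placeholders: table name,
-- account id 123456789012, access key AKIAEXAMPLEKEY00000.
-- Caveat: GetObject is an S3 data event; it only appears in the trail if
-- data-event logging for the bucket was turned on during the 60-day window.

-- Reduced column set; the full CloudTrail DDL from the AWS Athena docs
-- (same SerDe and input format) works equally well here.
CREATE EXTERNAL TABLE IF NOT EXISTS cloudtrail_logs (
  useridentity STRUCT<type:STRING, principalid:STRING, arn:STRING,
                      accountid:STRING, accesskeyid:STRING, username:STRING>,
  eventtime STRING,              -- ISO 8601, e.g. 2024-01-31T12:00:00Z
  eventsource STRING,
  eventname STRING,
  awsregion STRING,
  sourceipaddress STRING,
  useragent STRING,
  errorcode STRING,              -- NULL on a successful call
  requestparameters STRING,      -- JSON text: {"bucketName": ..., "key": ...}
  resources ARRAY<STRUCT<arn:STRING, accountid:STRING, type:STRING>>,
  eventtype STRING,
  readonly STRING,
  recipientaccountid STRING
)
ROW FORMAT SERDE 'com.amazon.emr.hive.serde.CloudTrailSerde'
STORED AS INPUTFORMAT 'com.amazon.emr.cloudtrail.CloudTrailInputFormat'
OUTPUTFORMAT 'org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat'
LOCATION 's3://DOC-EXAMPLE-BUCKET2/AWSLogs/123456789012/CloudTrail/';

-- Every successful GetObject by the key against DOC-EXAMPLE-BUCKET1 in the
-- last 60 days, with the caller's source IP for the incident timeline.
SELECT
  eventtime,
  awsregion,
  sourceipaddress,
  json_extract_scalar(requestparameters, '$.key') AS object_key
FROM cloudtrail_logs
WHERE eventsource = 's3.amazonaws.com'
  AND eventname = 'GetObject'
  AND useridentity.accesskeyid = 'AKIAEXAMPLEKEY00000'
  AND json_extract_scalar(requestparameters, '$.bucketName') = 'DOC-EXAMPLE-BUCKET1'
  AND errorcode IS NULL           -- AccessDenied / NoSuchKey attempts excluded
  AND from_iso8601_timestamp(eventtime) >= current_timestamp - INTERVAL '60' DAY
ORDER BY eventtime;

-- Same events narrowed to text files, de-duplicated: the object list that the
-- Macie classification job (option E) should be scoped to.
SELECT DISTINCT json_extract_scalar(requestparameters, '$.key') AS txt_object_key
FROM cloudtrail_logs
WHERE eventsource = 's3.amazonaws.com'
  AND eventname = 'GetObject'
  AND useridentity.accesskeyid = 'AKIAEXAMPLEKEY00000'
  AND errorcode IS NULL
  AND json_extract_scalar(requestparameters, '$.bucketName') = 'DOC-EXAMPLE-BUCKET1'
  AND json_extract_scalar(requestparameters, '$.key') LIKE '%.txt'
  AND from_iso8601_timestamp(eventtime) >= current_timestamp - INTERVAL '60' DAY;
```

Neither CloudWatch Logs Insights (option A) nor IAM Access Analyzer (option D) can answer this: the scenario states CloudTrail is not forwarding to CloudWatch Logs, and Access Analyzer reports on resource policies and unused access, not on which objects a key actually read.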

Comments

hb0011
1 month ago
Selected Answer: CE
Use Macie to find the PII (E). Use Athena to search the CloudTrail bucket (bucket2) to find out who accessed the PII files (C).
upvoted 2 times
FunkyFresco
1 month, 2 weeks ago
Selected Answer: CE
C and E
upvoted 2 times
shailvardhan
4 months, 1 week ago
Selected Answer: CE
CE are correct options
upvoted 1 times
Jlee7
6 months ago
CE final answer. lol
upvoted 1 times
3633f8f
9 months, 3 weeks ago
Selected Answer: CE
CE without further discussion.
upvoted 1 times
Raphaello
9 months, 3 weeks ago
CE. A does not add anything.
upvoted 1 times
Raphaello
9 months, 4 weeks ago
CE. CloudTrail is not configured to forward findings to CloudWatch in this scenario.
upvoted 1 times
Daniel76
10 months, 2 weeks ago
Selected Answer: CE
D - using Access Analyzer seems to be a possible answer too: https://docs.aws.amazon.com/IAM/latest/UserGuide/logging-using-cloudtrail.html However, C should be better, as Athena is used, which is able to return results to answer whether any object is accessed. Macie is definitely needed to answer whether PII is present.
upvoted 1 times
Daniel76
9 months, 1 week ago
Correction: C is only referring to the information captured in CloudTrail through the Access Analyzer API. You still need Athena for a quick and convenient search in the logs stored in S3. https://docs.aws.amazon.com/IAM/latest/UserGuide/logging-using-cloudtrail.html#service-name-info-in-cloudtrail
upvoted 1 times
YR4591
10 months, 3 weeks ago
Selected Answer: CE
Athena sends the query results to an S3 bucket > Macie can scan the S3 bucket.
upvoted 4 times
[Removed]
11 months, 1 week ago
Selected Answer: C
C and E
upvoted 1 times
lalee2
11 months, 1 week ago
My pick is C and E also.
upvoted 1 times
pupsik
11 months, 2 weeks ago
Selected Answer: CE
CE it is.
upvoted 2 times
Sumi81
11 months, 2 weeks ago
CE is correct
upvoted 2 times
100fold
11 months, 3 weeks ago
Selected Answer: CE
Agree answer CE
upvoted 2 times
tecte
11 months, 3 weeks ago
CE is correct.
upvoted 2 times
aragon_saa
1 year ago
https://www.examtopics.com/discussions/amazon/view/89893-exam-aws-certified-security-specialty-topic-1-question-450/
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other