exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 49 discussion

A company discovers a billing anomaly in its AWS account. A security consultant investigates the anomaly and discovers that an employee who left the company 30 days ago still has access to the account. The company has not monitored account activity in the past.
The security consultant needs to determine which resources have been deployed or reconfigured by the employee as quickly as possible.
Which solution will meet these requirements?

  • A. In AWS Cost Explorer, filter chart data to display results from the past 30 days. Export the results to a data table. Group the data table by resource.
  • B. Use AWS Cost Anomaly Detection to create a cost monitor. Access the detection history. Set the time frame to Last 30 days. In the search area, choose the service category.
  • C. In AWS CloudTrail, filter the event history to display results from the past 30 days. Create an Amazon Athena table that contains the data. Partition the table by event source.
  • D. Use AWS Audit Manager to create an assessment for the past 30 days. Apply a usage-based framework to the assessment. Configure the assessment to assess by resource.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
100fold
Highly Voted 1 year, 1 month ago
Selected Answer: C
Answer C. CloudTrail for as quickly as possible. Look up events related to the creation, modification, or deletion of resources in your AWS account. AWS Cost Anomaly Detection: For a new service subscription, 10 days of historical service usage data is needed before anomalies can be detected for that service. If you create a new monitor, it can take up to 24 hours to begin detecting new anomalies.
upvoted 9 times
...
FunkyFresco
Most Recent 3 months, 2 weeks ago
Selected Answer: C
Option C, cloud trail.
upvoted 1 times
...
Raphaello
9 months, 4 weeks ago
Selected Answer: C
To investigate a certain user and find what resources that IAM user created over past period, CloudTrail is the tool to use.
upvoted 1 times
...
awssecuritynewbie
10 months ago
Selected Answer: C
I think C is the best answer but Athena is over kill
upvoted 1 times
...
WeepingMaplte
11 months, 4 weeks ago
Think only Cloudtrail records down resources reconfigured by the employee.
upvoted 1 times
...
Daniel76
1 year ago
Selected Answer: C
The investigation was triggered by cost anomaly but that is not the only concern. The security engineer needs to find out what has been deployed as well as reconfigured, so AWS Cost explorer or Anomaly detection will not do the job. Only CloudTrail and Anthena will be the most effective method. Cost should have nothing to do with compliance so audit manager will not help.
upvoted 2 times
...
Ernestokoro
1 year ago
Ans is B! Please see link below: https://docs.aws.amazon.com/cost-management/latest/userguide/getting-started-ad.html
upvoted 1 times
Aamee
1 year ago
Don't think it can be B. See this comment above: "AWS Cost Anomaly Detection: For a new service subscription, 10 days of historical service usage data is needed before anomalies can be detected for that service. If you create a new monitor, it can take up to 24 hours to begin detecting new anomalies."
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...