
DVA-C02 Question #420: Real Exam Question with Answer & Explanation

The correct answer is A: Retrieve the AWS CloudTrail events for the resource mysql-db where the event name is.

Submitted by obi.ng · Mar 5, 2026 · Monitoring and Troubleshooting

Question

A company had an Amazon RDS for MySQL DB instance that was named mysql-db. The DB instance was deleted within the past 90 days. A developer needs to find which IAM user or role deleted the DB instance in the AWS environment. Which solution will provide this information?

Options

  • A. Retrieve the AWS CloudTrail events for the resource mysql-db where the event name is
  • B. Retrieve the Amazon CloudWatch log events from the most recent log stream within the
  • C. Retrieve the AWS X-Ray trace summaries. Filter by services with the name mysql-db. Inspect the
  • D. Retrieve the AWS Systems Manager deletions inventory. Filter the inventory by deletions that

Explanation

AWS CloudTrail is the service that records all API calls made in an AWS account, including who made the call (IAM user/role), when, and from where - making it the definitive source for auditing actions like DeleteDBInstance. Since CloudTrail retains event history for 90 days by default (or longer if configured with a trail to S3), searching for the DeleteDBInstance event filtered by the resource name mysql-db will reveal exactly which principal performed the deletion.
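One way to carry out the lookup described above, as an added example that is not part of the original page: it filters output shaped like `aws cloudtrail lookup-events` for DeleteDBInstance on mysql-db and resolves the caller to an IAM user or role. The sample events, account ID, names and IP addresses are constructed.

```python
import json

# Constructed sample shaped like the output of
#   aws cloudtrail lookup-events \
#     --lookup-attributes AttributeKey=ResourceName,AttributeValue=mysql-db
# lookup-events accepts one lookup attribute, so the event name is filtered here.
def _event(name, identity, ip, when):
    detail = {"eventName": name, "eventTime": when, "sourceIPAddress": ip,
              "userIdentity": identity,
              "requestParameters": {"dBInstanceIdentifier": "mysql-db"}}
    # CloudTrailEvent is delivered as a JSON string, not a nested object.
    return {"EventName": name, "EventTime": when,
            "Resources": [{"ResourceName": "mysql-db"}],
            "CloudTrailEvent": json.dumps(detail)}

ACCT = "111122223333"  # made-up account ID
SAMPLE = {"Events": [
    _event("ModifyDBInstance",
           {"type": "IAMUser", "arn": f"arn:aws:iam::{ACCT}:user/alice"},
           "198.51.100.7", "2026-01-10T09:00:00Z"),
    _event("DeleteDBInstance",
           {"type": "AssumedRole",
            "arn": f"arn:aws:sts::{ACCT}:assumed-role/DbAdmin/bob-session",
            "sessionContext": {"sessionIssuer": {
                "type": "Role", "arn": f"arn:aws:iam::{ACCT}:role/DbAdmin"}}},
           "203.0.113.20", "2026-01-12T14:30:00Z"),
]}

def principal(identity):
    """Return (kind, arn) of the IAM user or role behind a userIdentity block."""
    if identity.get("type") == "AssumedRole":
        # The role itself is in sessionIssuer; identity["arn"] is the session.
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        return "role", issuer.get("arn", identity.get("arn"))
    if identity.get("type") == "IAMUser":
        return "user", identity.get("arn")
    return str(identity.get("type", "unknown")).lower(), identity.get("arn")

def who_deleted(lookup_output, db_name, event_name="DeleteDBInstance"):
    """List the principals that issued event_name against db_name."""
    hits = []
    for ev in lookup_output.get("Events", []):
        names = [r.get("ResourceName") for r in ev.get("Resources", [])]
        if ev.get("EventName") != event_name or db_name not in names:
            continue
        detail = json.loads(ev["CloudTrailEvent"])
        identity = detail.get("userIdentity", {})
        kind, arn = principal(identity)
        hits.append({"kind": kind, "arn": arn, "session_arn": identity.get("arn"),
                     "time": detail.get("eventTime"),
                     "source_ip": detail.get("sourceIPAddress")})
    return hits
```

For an assumed role, the session ARN is kept alongside the role ARN because the session name is often the only hint at which person or system was using the role.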

Why the distractors are wrong:

  • B (CloudWatch Logs): CloudWatch collects application and infrastructure logs (e.g., RDS error logs, Lambda logs), not API-level audit trails of who performed AWS console/API actions.
  • C (X-Ray): X-Ray is a distributed tracing service for debugging application performance and request flows - it has no knowledge of IAM actions or resource deletions.
  • D (Systems Manager Inventory): SSM Inventory collects configuration metadata from managed EC2 instances and on-premises servers; it does not track RDS deletions or IAM activity.

Memory tip: Think of CloudTrail as the "security camera" for your AWS account - any time you need to answer "who did what, and when?", CloudTrail is the answer. If the question involves auditing, compliance, or accountability for API actions, CloudTrail is almost always correct.

Topics

#AWS CloudTrail #Auditing #IAM #RDS
