
SCS-C02 · Question #160

SCS-C02 Question #160: Real Exam Question with Answer & Explanation

The correct answer is B: Filter the AWS CloudTrail event history for the TerminateInstances event and identify the. https://aws.amazon.com/blogs/security/how-to-easily-identify-your-federated-users-by-using-aws-

Submitted by lukas.cz · Mar 6, 2026

Question

A company uses an external identity provider to allow federation into different AWS accounts. A security engineer for the company needs to identify the federated user that terminated a production Amazon EC2 instance a week ago. What is the FASTEST way for the security engineer to identify the federated user?

Options

  • A. Review the AWS CloudTrail event history logs in an Amazon S3 bucket and look for the
  • B. Filter the AWS CloudTrail event history for the TerminateInstances event and identify the
  • C. Search the AWS CloudTrail logs for the TerminateInstances event and note the event time.
  • D. Use Amazon Athena to run a SQL query on the AWS CloudTrail logs stored in an Amazon S3

Explanation

https://aws.amazon.com/blogs/security/how-to-easily-identify-your-federated-users-by-using-aws-
