SCS-C02 · Question #70
SCS-C02 Question #70: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #70. The question stem and answer options stay visible for context.
Question
A security team has received an alert from Amazon GuardDuty that AWS CloudTrail logging has been disabled. The security team's account has AWS Config, Amazon Inspector, Amazon Detective, and AWS Security Hub enabled. The security team wants to identify who disabled CloudTrail and what actions were performed while CloudTrail was disabled. What should the security team do to obtain this information?
Options
- AUse AWS Config to search for the CLOUD_TRAIL_ENABLED event. Use the configuration
- BUse Amazon Inspector to find the details of the CloudTrailLoggingDisabled event from
- CUse Detective to find the details of the CloudTrailLoggingDisabled event from GuardDuty,
- DUse GuardDuty to find which user generated the CloudTrailLoggingDisabled event. Use Security
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.