Question list
List of questions
Related questions
Question 219 - PCCSE discussion
Which ROL query is used to detect certain high-risk activities executed by a root user in AWS?
A.
event from cloud.audit_logs where operation IN ( 'ChangePassword', 'ConsoleLogin', 'DeactivateMFADevice', 'DeleteAccessKey' , 'DeleteAlarms' ) AND user = 'root'
B.
event from cloud.security_logs where operation IN ( 'ChangePassword', 'ConsoleLogin', 'DeactivateMFADevice', 'DeleteAccessKey' , 'DeleteAlarms' ) AND user = 'root'
C.
config from cloud.audit_logs where operation IN ( 'ChangePassword', 'ConsoleLogin', 'DeactivateMFADevice', 'DeleteAccessKey', 'DeleteAlarms' ) AND user = 'root'
D.
event from cloud.audit_logs where Risk.Level = 'high' AND user = 'root'
Previous
Next
Your answer:
0 comments
Sorted by
Leave a comment first
