AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A multinational corporation seeks to fortify the security of the top-level user credentials across its numerous cloud accounts, where each account functions under its own operational domain. They intend to put into effect a two-step verification process for all top-level user logins and establish an automatic mechanism for monitoring any top-level credential usage in API calls. Which service should they utilize to automate the monitoring of such activities throughout all operational domains?
The service that enables logging of account actions and automatic detection of top-level user API activity is the correct answer, which is Amazon CloudTrail. It records events that are made within an account and can be set up to generate alerts when specific activities, including those by the top-level account user, are detected. The service known for configuration tracking is not suitable for monitoring account activities directly. The service responsible for identity management does not offer automated detection or alerting for specific user actions. The service focused on threat detection primarily monitors for unusual activity but is not specifically designed for tracking the usages of top-level user credentials.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Amazon CloudTrail and how does it work?
Open an interactive chat with Bash
What are the differences between AWS Config and CloudTrail?
Open an interactive chat with Bash
How does automated monitoring of API call activities enhance security?