If a user deleted an Amazon S3 bucket without authorization, which service can help identify the user responsible?


Prepare for the Amazon Web Services (CISN 74A) Security Test with our interactive quizzes. Use multiple choice questions with detailed hints and explanations to ace your exam.

AWS CloudTrail is designed specifically to track and log user activity across AWS services, making it the tool most suited to identify which user performed the action of deleting an Amazon S3 bucket without authorization. CloudTrail records API calls made on your account, including details such as the identity of the user who made the call, the time of the event, the source IP address, and other relevant metadata. This allows administrators to perform forensics and analyze how resources were accessed or manipulated.

Using CloudTrail, organizations can investigate incidents by reviewing the event history, which can reveal not only the unauthorized deletion of an S3 bucket but also other events performed by that user, giving insights into their actions leading up to the incident.

Other options may serve different purposes but do not specifically provide the capability to track and log user actions related to AWS service changes like CloudTrail does.
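The investigation described above can be run offline over CloudTrail log files, as in this added example (not part of the original page): it finds successful `DeleteBucket` calls, then lists everything else the same identity did. The records, account ID, user names, bucket name and IP addresses are constructed sample data, and the helper names are hypothetical.

```python
import json

# Constructed sample in the CloudTrail log-file shape {"Records": [...]}; every value is made up.
def _rec(time, name, user, ip, bucket=None, error=None):
    rec = {"eventTime": time, "eventSource": "s3.amazonaws.com", "eventName": name,
           "userIdentity": {"type": "IAMUser", "arn": f"arn:aws:iam::111122223333:user/{user}"},
           "sourceIPAddress": ip,
           "requestParameters": {"bucketName": bucket} if bucket else None}
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE_LOG = json.dumps({"Records": [
    _rec("2024-01-15T10:02:11Z", "DeleteBucket", "alice", "203.0.113.10", "example-reports"),
    _rec("2024-01-15T09:58:40Z", "ListBuckets", "alice", "203.0.113.10"),
    _rec("2024-01-15T10:01:05Z", "DeleteBucketPolicy", "alice", "203.0.113.10", "example-reports"),
    _rec("2024-01-15T10:03:30Z", "DeleteBucket", "bob", "198.51.100.7", "example-reports", "AccessDenied"),
]})

def load_records(log_text):
    return json.loads(log_text).get("Records", [])

def _actor(record):
    identity = record.get("userIdentity") or {}
    return identity.get("arn") or identity.get("principalId") or "unknown"

def find_bucket_deletions(records, bucket=None):
    """Return who/when/where for each DeleteBucket call that succeeded."""
    hits = []
    for r in records:
        if r.get("eventSource") != "s3.amazonaws.com" or r.get("eventName") != "DeleteBucket":
            continue
        if r.get("errorCode"):  # failed or denied attempt: the bucket was not deleted
            continue
        name = (r.get("requestParameters") or {}).get("bucketName")
        if bucket and name != bucket:
            continue
        hits.append({"actor": _actor(r), "time": r.get("eventTime"),
                     "source_ip": r.get("sourceIPAddress"), "bucket": name})
    return hits

def actor_timeline(records, actor):
    """All events by one identity, oldest first (ISO 8601 UTC strings sort correctly)."""
    return sorted((r for r in records if _actor(r) == actor), key=lambda r: r["eventTime"])

if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    for hit in find_bucket_deletions(recs, "example-reports"):
        print(hit, [e["eventName"] for e in actor_timeline(recs, hit["actor"])])
```

Filtering on `errorCode` separates the call that actually removed the bucket from denied attempts by other identities, which are still worth reviewing separately.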