Amazon Web Services SCS-C02 Exam With Confidence Using Practice Dumps

The fastest way to identify the federated user who terminated a production Amazon EC2 instance is to filter the IAM CloudTrail event history for the TerminateInstances event and identify the assumed IAM role. Then, review the AssumeRoleWithSAML event call in CloudTrail to identify the corresponding username. This method does not require any additional tools or queries, and it directly links the IAM role with the federated user.

Option A is incorrect because the role session name may not be the same as the federated user name, and it may not be unique or descriptive enough to identify the user.

Option C is incorrect because the IAM Access Advisor tab only shows when a role was last accessed, not by whom or for what purpose. It also does not show the specific time of access, only the date.

Option D is incorrect because using Amazon Athena to run SQL queries on the IAM CloudTrail logs is not the fastest way to identify the federated user, as it requires creating a table schema and running multiple queries. It also assumes that the federation is done using web identity providers, not SAML providers, as indicated by the AssumeRoleWithWebIdentity event. References:

AWS Identity and Access Management

Logging AWS STS API Calls with AWS CloudTrail

[Using Amazon Athena to Query S3 Data for CloudTrail Analysis]

Enable GuardDuty:

GuardDuty provides monitoring for EKS clusters by analyzing EKS audit logs.

Automatic Configuration:

No additional setup for the EKS deployment is needed. GuardDuty directly monitors API calls to detect suspicious or unauthenticated access.

Advantages:

Minimal Effort: No operational overhead for configuration.

Proactive Detection: Alerts for unauthorized or suspicious activity in near-real-time.

Amazon GuardDuty for EKS

EKS Audit Log Monitoring

you need to configure the Amazon Inspector agent to use the CVE rule package, which is a set of rules that check for vulnerabilitiesand exposures on your EC2 instances5. You also need to install an additional integration library that enables communication between the Amazon Inspector agent and Security Hub6. Security Hub is a service that provides you with a comprehensive view of your securitystate in AWS and helps you check your environment against security industry standards and best practices7. The other options are either incorrect or incomplete for meeting the requirement.