New Year Special - 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac75sure

Which ROL query is used to detect certain high-risk activities executed by a root user...

Paloalto Networks CloudSec-Pro Full Course Access
Paloalto Networks CloudSec-Pro View All Questions

Which ROL query is used to detect certain high-risk activities executed by a root user in AWS?

A.

event from cloud.audit_logs where operation IN ( 'ChangePassword', 'ConsoleLogin', 'DeactivateMFADevice', 'DeleteAccessKey' , 'DeleteAlarms' ) AND user = 'root'

B.

event from cloud.security_logs where operation IN ( 'ChangePassword', 'ConsoleLogin', 'DeactivateMFADevice', 'DeleteAccessKey' , 'DeleteAlarms' ) AND user = 'root'

C.

config from cloud.audit_logs where operation IN ( 'ChangePassword', 'ConsoleLogin', 'DeactivateMFADevice', 'DeleteAccessKey', 'DeleteAlarms' ) AND user = 'root'

D.

event from cloud.audit_logs where Risk.Level = 'high' AND user = 'root'

CloudSec-Pro PDF/Engine
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions
buy now CloudSec-Pro pdf
Get 75% Discount on All Products, Use Coupon: "ac75sure"
Next
Given the following RQL:event from cloud.
An administrator has been tasked with creating a custom service that will download any existing...
Previous