Home › BCA Cloud Computing › cloudcomputing › cloudsecurity › An auditor needs to know who deleted a critical …
An auditor needs to know who deleted a critical database resource last week. Which type of log answers this?
AThe application's debug log of HTTP request bodies
BAn audit log of administrative API actions (e.g. AWS CloudTrail, Azure Activity Log, GCP Cloud Audit Logs)
CThe OS kernel's syslog from the day before
DThe user's browser autocomplete history
Answer & Solution
Correct answer: B. An audit log of administrative API actions (e.g. AWS CloudTrail, Azure Activity Log, GCP Cloud Audit Logs)
Cloud audit logs record who called which admin API at what time. Application debug logs and kernel logs may have related signal but aren't the canonical record. Browser autocomplete is irrelevant.
Related questions
The defense-in-depth model recommends:A workload makes outbound HTTP requests to update some on-prem inventory. The on-prem systWhich security model assumes that no network location is inherently trusted and verifies eAn organisation wants a single sign-on across AWS, Microsoft 365, and Salesforce so users Why is rotating credentials (passwords, access keys, certificates) on a schedule a best prA virtual firewall that controls allowed inbound and outbound traffic on a single VM in a A cloud provider's shared responsibility model on IaaS typically states that:What does the principle of least privilege recommend when assigning permissions in any clo