🔥 3-day streak
AWS Certified Security - Specialty3 / 157
Question 3 of 157
A security engineer is performing root cause analysis for an incident that spanned three AWS accounts and two Regions. CloudTrail logs are delivered to a central S3 bucket in a dedicated log-archive account, partitioned by account, Region, and date. The engineer needs to run ad hoc SQL queries across all accounts and Regions to reconstruct the attacker's API activity timeline, while keeping query costs low and avoiding data movement. Which approach best meets these requirements?
Reviewed for accuracy · Report an issueNext question