CLF-C02 • Practice Exam 60
Free CLF-C02 practice exam — 20 questions with explanations. Set 60. No signup required.
A company's security team needs to receive near-real-time notifications whenever an IAM user in their AWS account performs an action that violates a defined baseline of expected behavior. Examples include launching an Amazon EC2 instance in an unauthorized AWS Region or modifying a security group to allow public SSH access from the internet. The solution must analyze continuous streams of AWS API activity to identify suspicious patterns and known malicious IP addresses. Which AWS service should the security team use?