Exhibit
CloudTrail log entry (JSON):
{
"eventVersion": "1.08",
"userIdentity": {
"type": "AssumedRole",
"arn": "arn:aws:sts::123456789012:assumed-role/AdminRole/JohnDoe",
"accountId": "123456789012",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AROAEXAMPLEID",
"arn": "arn:aws:iam::123456789012:role/AdminRole",
"accountId": "123456789012",
"userName": "AdminRole"
},
"webIdFederationData": {},
"attributes": {
"creationDate": "2025-03-15T14:30:00Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2025-03-15T14:35:00Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "TerminateInstances",
"awsRegion": "us-east-1",
"sourceIPAddress": "203.0.113.50",
"userAgent": "console.amazonaws.com",
"requestParameters": {
"instancesSet": {
"items": [{"instanceId": "i-0abcd1234efgh5678"}]
}
},
"responseElements": {
"instancesSet": {
"items": [{"instanceId": "i-0abcd1234efgh5678", "currentState": {"code": 32, "name": "shutting-down"}}]
}
}
}- A
The event occurred in us-east-1.
Why wrong: Not a security concern.
- B
The instance was terminated by an assumed role.
Why wrong: This is normal for authorized users.
- C
The source IP is from a public IP.
Why wrong: Expected for console access.
- D
The user did not authenticate with MFA.
Correct; lack of MFA reduces security.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.