A security engineer is investigating a potential security incident in an AWS account. The engineer needs to determine which user or role performed a specific API call that created a new security group. Which THREE AWS tools can the engineer use to find this information? (Choose THREE.)
Event history provides a searchable view of the last 90 days of API calls.
Why this answer
Option A, D, and E are correct. CloudTrail logs all API calls, including who made the call. CloudTrail event history provides a view of the last 90 days.
AWS Config records configuration changes, including security group creation. Option B is wrong because CloudWatch Logs does not capture API calls unless specifically configured. Option C is wrong because VPC Flow Logs capture network traffic, not API calls.