A security team is creating a response plan in the event an employee executes unauthorized actions on AWS infrastructure. They want to include steps to determine if the employee’s IAM permissions changed as part of the incident.
What steps should the team document in the plan?
 

Answer options:

A.Use AWS Config to examine the employee’s IAM permissions prior to the incident and compare them to the employee’s current IAM permissions.
B.Use Macie to examine the employee’s IAM permissions prior to the incident and compare them to the employee’s current IAM permissions.
C.Use CloudTrail to examine the employee’s IAM permissions prior to the incident and compare them to the employee’s current IAM permissions.
D.Use Trusted Advisor to examine the employee’s IAM permissions prior to the incident and compare them to the employee’s current IAM permissions.

Answer is A
Option A is CORRECT because you can use the AWS Config to view the history of a particular item. AWS Config helps you review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines.
Option B is incorrect because AWS Macie is used for data security and data privacy to discover and protect your sensitive data in AWS. It cannot be used to examine IAM permissions and monitor user activities.
Option C is incorrect because Cloud Trail is used to log and track API activity on your AWS environment. They can monitor calls for IAM users but not give details on the permissions they have on AWS
Option D is incorrect because AWS Trusted Advisor helps optimize your AWS infrastructure, increase security and performance, reduce your overall costs, and monitor service limits but it cannot give details on user activities and change of lAM permission on your AWS account.
Below snapshot provides an overview of user configuration and history using AWS Config.
For more information on AWS Config do refer the below URL:
https://aws.amazon.com/config
https://aws.amazon.com/blogs/security/how-to-record-and-govern-your-iam-resource-configurations-using-aws-config/#:~:text=Setting%20up%20AWS%20Config%20is,not%20recorded%20by%20AWS%20Config.&text=A%20versioned%20history%20of%20AWS,configuration%20of%20those%20IAM%20entities.