You just joined a team as an AWS security specialist. You need to quickly examine if there are some commonly seen security issues in one AWS account. For example, you want to check if MFA is enabled for the root account and if certain S3 buckets grant global access. It is known that the AWS account did not enable AWS Config. Which tool or service would you use to get the required information?

Answer options:

A.Check the security category of Trusted Advisor to see if there are any problems detected or actions recommended.
B.Enable AWS GuardDuty to automatically detect security issues or threats that are happening for the AWS resources.
C.Enable AWS Config. Set up AWS provided Config rules to check security issues and provide alerts via SNS notifications if the rules are not compliant.
D.Configure CloudTrail + Amazon Athena to analyze the AWS resource activities. Find out potential security issues in the AWS account.

Correct Answer – A
AWS Trusted Advisor could check security items, including MFA on Root Account, Amazon S3 Bucket Permissions, Amazon EBS Public Snapshots, etc. You can use it to get a quick view of the security of the AWS environment. Please refer to https://aws.amazon.com/premiumsupport/technology/trusted-advisor/ for how AWS Trusted Advisor works.
Option A is CORRECT: The security findings provided by Trusted Advisor can help you to get the required information:
Option B is incorrect: Amazon GuardDuty is an intelligent threat detection service. However, it takes time to get the required information.
Option A is a much simpler solution.
Option C is incorrect: Because you have to configure several AWS Config rules to get all the security information. Trusted Advisor is faster than this option.
Option D is incorrect: CloudTrail + Amazon Athena can analyze CloudTrail logs via SQL queries. But this method cannot quickly identify security issues.