Practise the standard verbs for analysing CloudTrail logs during an investigation.
1 / 5
Fill in: 'We ___ CloudTrail across every account and region so that API calls made anywhere in the organization are captured, not just those happening in a single primary account.'
We 'enable CloudTrail' — the standard, established collocation for turning on organization-wide API call logging. The other options aren't the recognised term here.
2 / 5
Fill in: 'Leaving CloudTrail disabled in a secondary region can ___ an attacker's activity there completely invisible during an incident investigation weeks later.'
We say a disabled region will 'leave' activity invisible — the standard, natural collocation for the resulting blind spot. The other options aren't idiomatic here.
3 / 5
Fill in: 'We ___ CloudTrail logs for unusual API call patterns continuously with automated detection rules, rather than only reading them manually after an incident is already suspected.'
We 'scan logs' — the standard, simple collocation for automatically searching a large volume of records for anomalies. The other options are less idiomatic here.
4 / 5
Fill in: 'We ___ CloudTrail log files to a separate, locked-down account, so an attacker who compromises the primary account can't simply delete the evidence of their own actions.'
We 'replicate log files' — the standard, established collocation for copying logs to an isolated destination for integrity. The other options aren't the recognised term here.
5 / 5
Fill in: 'We ___ a suspicious API call sequence in CloudTrail step by step during an investigation, reconstructing exactly what an actor did and in what order.'
We 'trace a sequence' — the standard, simple collocation for following a chain of recorded events during an investigation. The other options are less idiomatic here.