Amazon Web Services (AWS) - Set #4
Powered by Techhyme.com
You have a total of 130 minutes to finish the practice test of AWS Certified SysOps Administrator to test your knowledge.
151. Which of these is a use case for Amazon CloudWatch?
- A. Infrastructure automation and orchestration
- B. Infrastructure security and privacy
- C. Infrastructure patching and updates
- D. Infrastructure monitoring and troubleshooting
Answer - D
Explanation - Amazon CloudWatch is well-suited for infrastructure monitoring and troubleshooting since it collects both availability and performance metrics. It can also collect HTTP responses on web servers, so it can monitor for issues like bad response codes.
152. Which of these is a use case for Amazon CloudWatch?
- A. Resource management
- B. Resource optimization
- C. Resource allocation
- D. Resource security
Answer - B
Explanation - Since Amazon CloudWatch is able to monitor availability and performance metrics, it provides a great use case for those who need to benefit from resource optimization.
153. Which of these is a use case for Amazon CloudWatch?
- A. Application load balancing
- B. Application routing
- C. Application monitoring
- D. Application geolocation
Answer - C
Explanation - Amazon CloudWatch is able to provide monitoring for applications. For web applications, you can use the Amazon CloudWatch agent to retrieve events from applications.
154. Which of these is a use case for Amazon CloudWatch?
- A. Log storage
- B. Log retention
- C. Log rotation
- D. Log analytics
Answer - D
Explanation - Amazon CloudWatch allows you to collect, analyze, and visualize your logs. This allows you to customize dashboards for relevant information so that you can better monitor for issues and for performance.
155. Your boss wants to be able to search for specific data from an event field and have those queries appear on an Amazon CloudWatch Dashboard. Since you have queries built in regex already, how would you use the regex queries to search for the data from an event field?
- A. Amazon CloudWatch Logs Insights
- B. Amazon Kinesis
- C. Amazon Athena
- D. Amazon Redshift
Answer - A
Explanation - Amazon CloudWatch Logs Insights is a managed service that allows you to query large sets of logs. You can even use regex to extract data from event fields. Amazon Kinesis performs real-time processing of streaming data but is not intended to be used for monitoring with logs. Amazon Athena is a query service designed to work with S3, and Amazon Redshift is a data warehousing solution.
156. Which product allows you to take Amazon CloudWatch logs and use interactive queries and visualizations with the data in addition to creating Amazon CloudWatch Dashboards?
- A. Amazon CloudWatch Logs
- B. Amazon CloudWatch Events
- C. Amazon CloudWatch Logs Insights
- D. Amazon CloudWatch
Answer - C
Explanation - Amazon CloudWatch Logs Insights allows you to run interactive queries against your logs and create visualizations that include dashboards in Amazon CloudWatch. Amazon CloudWatch, Amazon CloudWatch Logs, and Amazon CloudWatch Events do not give you that capability by themselves.
157. Which open-source solutions are popular for gathering custom application metrics for Amazon CloudWatch?
- A. REST
- B. Solarwinds
- C. collectd
- D. dmesg
- E. StatsD
Answer - E
Explanation - In October 2018, AWS introduced the ability to use StatsD and collectd to collect custom metrics to be consumed by Amazon CloudWatch.
158. Your monitoring team has asked you if there is a way to integrate Amazon CloudWatch graphs into their existing solution so that they can see on-prem and AWS systems from the same source. What should you tell them to use?
- A. Amazon CloudWatch Logs
- B. Amazon CloudWatch Logs agent
- C. Amazon CloudWatch snapshot graphs
- D. Amazon CloudWatch APIs
Answer - C
Explanation - Amazon CloudWatch snapshot graphs allow you to display charts on a web page or a third-party tool. This functionality is not provided by Amazon CloudWatch Logs, the Amazon CloudWatch Logs agent, or Amazon CloudWatch APIs.
159. What is a common use case for AWS CloudTrail?
- A. Firewalling
- B. Compliance aid
- C. API management
- D. Monitoring logs
Answer - B
Explanation - As AWS CloudTrail monitors all API access, it is able to provide a history of all actions taken on your account, so it is useful in aiding compliance efforts. AWS CloudTrail does not provide firewalling, API management, or log monitoring.
160. What is a common use case for AWS CloudTrail?
- A. Monitoring logs
- B. Detecting application issues
- C. Detecting data exfiltration
- D. Detecting HTTP response codes
Answer - C
Explanation - AWS CloudTrail can be used to detect data exfiltration by collecting activity data from your S3 buckets. Amazon CloudWatch is the tool that monitors logs and detects application issues and HTTP response codes.
161. What is a common use case for AWS CloudTrail?
- A. Installing software
- B. Installing patches
- C. Monitoring for installed software
- D. Security analysis
Answer - D
Explanation - AWS CloudTrail is a great fit for security analysis as its data can be fed into a SIEM to look at end user behavior. AWS Systems Manager is used for installing software and patches and monitoring for installed software.
162. What is a common use case for AWS CloudTrail?
- A. Operational issue troubleshooting
- B. Installing security updates
- C. Monitoring logs
- D. Monitoring for HTTP response codes
Answer - A
Explanation - AWS CloudTrail allows you to review the most recent changes in your AWS environment, which provides greater visibility into actions that may cause operational issues. AWS Systems Manager is responsible for installing security updates, and Amazon CloudWatch handles monitoring logs and HTTP response codes.
163. Which data event type in AWS CloudTrail allows you to see when an AWS Lambda function was executed and who executed it?
- A. Invoke API
- B. Management events
- C. AWS Lambda logs
- D. Log
Answer - A
Explanation - Invoke API allows you to see when and who executed an AWS Lambda function. Management events are also used in AWS CloudTrail to monitor AWS Lambda creation, modification, and delete events, but management events don’t include the who and the when. AWS Lambda sends logs to Amazon CloudWatch and AWS CloudTrail depending on what the AWS Lambda function is doing. There is no log data event type.
164. For regulatory purposes, you need to ensure that AWS CloudTrail trail data is stored for one year with easy access, and then you want the trail data to be deleted. Which solution provides the correct response with the least amount of administrative effort?
- A. Save trails to S3 and manually delete data after one year.
- B. Save trails to S3 and create a script that runs daily and deletes trails older than one year.
- C. Save trails to S3 and use lifecycle policies to delete trails older than one year.
- D. There is no way to accommodate this request in AWS.
Answer - C
Explanation - The solution with the least amount of administrative effort would be to save the AWS CloudTrail trails to S3 and create a lifecycle policy that will automatically delete trails older than one year.
165. Name one of the benefits of using AWS Systems Manager?
- A. Monitoring logs
- B. Monitoring API calls
- C. Monitoring vulnerabilities in your environment
- D. Detecting problems more quickly
Answer - D
Explanation - AWS Systems Manager provides a dashboard that allows you to view your resources in resource groups. Since you can group together all the resources supporting an application, for example, you can get a really good picture on any issues that would affect the uptime or usability of an application. Amazon CloudWatch monitors logs, AWS CloudTrail monitors API calls, and Amazon Inspector monitors vulnerabilities in your environment.
166. Name one of the benefits of using AWS Systems Manager?
- A. API Management
- B. Automation
- C. Federated access
- D. Log monitoring
Answer - B
Explanation - AWS Systems Manager makes it simple to automate common administrative jobs with its various components like Run Command, Patch Manager, and State Manager. The Amazon API Gateway provides API management, federated access can be set up in AWS IAM, and Amazon CloudWatch provides log monitoring.
167. Name one of the benefits of using AWS Systems Manager?
- A. Improve network accessibility
- B. Improve visibility and control
- C. Improve security assessments
- D. Improve API management
Answer - B
Explanation - AWS Systems Manager improves visibility and control of your assets using resource groups and integrations with AWS Config that allow you to view changes to your resources. Amazon Inspector provides security assessments and can be used to tighten down network accessibility on servers. API management is accomplished with the Amazon API Gateway.
168. Name one of the benefits of using AWS Systems Manager?
- A. Manages hybrid cloud environments
- B. Improves visibility into logs
- C. Makes security assessments more accessible
- D. Provides visibility into API calls
Answer - A
Explanation - AWS Systems Manager provides the management capability via the SSM agent to manage both on-prem and AWS resources from a single console. Visibility into logs is provided by Amazon CloudWatch, security assessments are provided by Amazon Inspector, and AWS CloudTrail provides visibility into API calls.
169. Name one of the benefits of using AWS Systems Manager?
- A. Manage API calls
- B. Perform security assessments
- C. Maintain security and compliance
- D. Monitor logs
Answer - C
Explanation - AWS Systems Manager gives you the ability to maintain security and compliance by providing a central management console to manage patching and configurations (through a tie-in with AWS Config). Managing API calls is provided by the Amazon API Gateway, security assessments are performed with Amazon Inspector, and logs are monitored through Amazon CloudWatch.
170. What is the benefit of the Run Command in AWS Systems Manager?
- A. Provides console access to the system without the need for remote access ports to be open
- B. Provides console access to Linux hosts via SSH
- C. Provides automation of tasks so long as remote access ports are open
- D. Provides automation of tasks without the need for remote access
Answer - D
Explanation - The Run Command provides a way to automate common administrative tasks without the need for remote access provided by opening up SSH or RDP or by using bastion hosts. Session Manager provides console access without the need to open up the common administrative ports for SSH, as an example.
171. What is the benefit of the Session Manager in AWS Systems Manager?
- A. Allows remote console sessions via an interactive web browser with no need to open inbound ports
- B. Allows remote console sessions via an interactive web browser once the necessary ports are open
- C. Allows configuration management and tracking
- D. Allows management of APIs
Answer - A
Explanation - Session Manager within AWS Systems Manager allows remote console sessions via an interactive web browser with no need to open inbound ports or use bastion hosts to access your systems. Configuration management and tracking are provided by the AWS Systems Manager State Manager and AWS Config. API management is provided by the Amazon API Gateway.
172. What is the benefit of the Patch Manager in AWS Systems Manager?
- A. Patch management and reporting for Windows systems only
- B. Patch management and reporting for Linux systems only
- C. Patch management and reporting for AWS systems only
- D. Patch management and reporting for on-prem and AWS systems
Answer - D
Explanation - AWS Systems Manager Patch Manager provides patch management and reporting for both Linux and Windows systems on-prem and in the cloud.
173. What is the benefit of the State Manager in AWS Systems Manager?
- A. Backs up system state for on-prem and AWS resources
- B. Backs up system state for AWS resources only
- C. Provides configuration management for on-prem and AWS resources
- D. Provides configuration management for AWS resources only
Answer - C
Explanation - State Manager provides configuration management for both on-prem and AWS resources so long as the AWS Systems Manager SSM agent is installed. It does not control backups.
174. What is the benefit of the Parameter Store in AWS Systems Manager?
- A. Centralized storage of license keys, database strings, and secrets
- B. Used only to store secrets for AWS KMS
- C. Used only to store secrets for AWS IAM
- D. Used only to store parameters for AWS Lambda
Answer - A
Explanation - The Parameter Store provides a centralized storage repository for license keys, database strings, secrets, and other configuration data. It is able to interact with AWS KMS, AWS IAM, and AWS Lambda, but it is not limited to working with these services.
175. Your boss would like to have a single “source of truth” to run queries against the data from the AWS services you use. Is there a way to accomplish this within AWS?
- A. Yes, you can query data from the other AWS services with Amazon CloudWatch.
- B. Yes, you can query data from the other AWS services with Amazon Athena.
- C. Yes, you can query data from the other AWS services with AWS CloudTrail.
- D. No, there is not a way to accomplish this in AWS.
Answer - B
Explanation - With Amazon Athena, you can query data across a multitude of AWS services, including AWS CloudTrail, Amazon CloudFront, Elastic Load Balancer, Amazon Virtual Private Cloud, Amazon CloudFormation, AWS Glue Data Catalog, Amazon QuickSight, and IAM. Amazon CloudWatch is used for monitoring logs, and AWS CloudTrail is used for monitoring API calls.
176. Which AWS product allows you to analyze the data within Amazon S3 and run queries against it?
- A. Amazon CloudFront
- B. Amazon RDS
- C. Amazon Athena
- D. AWS Lambda
Answer - C
Explanation - Amazon Athena gives you the capability to analyze the data contained within your S3 buckets and run queries against that data. Amazon CloudFront is a caching and content delivery service that can use S3 as an origin server. Amazon RDS is a relational database system, and AWS Lambda is a serverless solution that allows you to run code that is triggered by a schedule or an event.
177. Your boss wants to be able to not only analyze the data from the various services you use in AWS but also visualize that data. Which two services will allow you to analyze the data from the AWS services and visualize the data as well? (Choose two.)
- A. Amazon Athena
- B. Amazon QuickSight
- C. AWS CloudTrail
- D. AWS Lambda
- E. Amazon Inspector
Answer - A, B
Explanation - Amazon Athena integrates seamlessly with Amazon QuickSight. Amazon Athena allows you to analyze the data in S3, while Amazon QuickSight allows you to more easily visualize your data. AWS CloudTrail is used to monitor API calls; AWS Lambda is a serverless solution for running code on a schedule or by a trigger. Amazon Inspector is a security assessment tool.
178. You need a location where you can store persistent metadata related to Amazon S3. Which AWS service will allow you to accomplish this task?
- A. Amazon Athena
- B. AWS Glue Data Catalog
- C. Amazon RDS
- D. Amazon ElastiCache
Answer - B
Explanation - The AWS Glue Data Catalog is purpose-built to store persistent metadata for Amazon S3. Amazon Athena is used to query data in S3, Amazon RDS is a relational database service, and Amazon ElastiCache is an in-memory data store used to improve performance.
179. Your boss wants to be able to use visualizations within Amazon QuickSight, and to be able to use Active Directory security groups with the least amount of administrative effort. You are using AWS Directory Service already. Which edition of Amazon QuickSight should you choose?
- A. Developer
- B. Standard
- C. Basic
- D. Enterprise
Answer - D
Explanation - Amazon QuickSight has two editions, Standard and Enterprise. The Enterprise edition will support Active Directory groups from AWS Directory Service. The Standard edition allows you to invite IAM users, or users directly with an email address. Developer and Basic are not valid edition names for Amazon QuickSight.
180. How is Amazon QuickSight billed?
- A. Pay-per-session
- B. Pay-per-transaction
- C. Pay-per-minute
- D. Pay-per-hour
Answer - A
Explanation - Amazon QuickSight is billed on a pay-per-session rate. You pay only for what you use.
181. What is one of the benefits of Amazon Athena?
- A. Amazon Athena is available for a flat monthly rate.
- B. Amazon Athena is free.
- C. Amazon Athena is a serverless solution.
- D. Amazon Athena only requires one server.
Answer - C
Explanation - Amazon Athena is a serverless solution that is capable of scaling from few to many users running queries. It is not free; you pay per query at a rate of $5 per terabyte scanned by the query.
182. What is one of the benefits of Amazon Athena?
- A. Supports standard SQL
- B. Supports proprietary SQL
- C. Uses EBS as its data store
- D. Needs input to be in JSON or CSV
Answer - A
Explanation - Amazon Athena supports the use of standard SQL and can use quite a few data formats, including JSON and CSV, though these are certainly not the only data formats it accepts. Supporting proprietary SQL would not be a benefit. Amazon Athena uses Amazon S3 as its data store, not Amazon EBS.
183. How is Amazon Athena billed?
- A. Per session
- B. Per transaction
- C. Per query, $1/TB scanned
- D. Per query, $5/TB scanned
Answer - D
Explanation - Amazon Athena is billed per query at a rate of $5 per terabyte scanned by the query.
184. What is one of the benefits of Amazon Athena?
- A. Uses SQS to queue queries
- B. Uses parallel query execution
- C. Uses ElastiCache to speed up query execution
- D. Uses DynamoDB to speed up query execution
Answer - B
Explanation - Amazon Athena is able to execute queries quickly because it uses parallel query execution, meaning that more than one query can run at any given time. It does not use SQS to queue queries, nor does it use ElastiCache or DynamoDB.
185. What is a common use case for AWS Config?
- A. Security assessments
- B. Continuous monitoring of API calls
- C. Continuous monitoring of logs
- D. Continuous monitoring of configuration changes
Answer - D
Explanation - One of the most common use cases for AWS Config is continuous monitoring of configuration changes. Security assessments are handled by Amazon Inspector, AWS CloudTrail monitors API calls, and Amazon CloudWatch monitors logs.
186. What is a common use case for AWS Config?
- A. Help troubleshoot issues related to configuration changes.
- B. Help troubleshoot issues related to permissions.
- C. Help troubleshoot issues related to storage space.
- D. Help troubleshoot issues related to processor usage.
Answer - A
Explanation - AWS Config is very useful when troubleshooting issues related to configuration changes. AWS IAM will allow you to perform modeling of permissions, and AWS CloudTrail will let you look at API calls to see if they were rejected due to inappropriate permissions. Amazon CloudWatch can be used to help troubleshoot issues with storage space and processor usage.
187. What is a common use case for AWS Config?
- A. Audit configurations for vulnerabilities.
- B. Audit configurations for compliance with organizational baselines.
- C. Audit configurations for best practices.
- D. Audit configurations for bad AMI IDs.
Answer - B
Explanation - You can use AWS Config to audit configurations for compliance with organizational baselines. This simplifies both security and compliance initiatives. Vulnerabilities fall under security assessments, which would be Amazon Inspector. Best practices are typically reported by AWS Trusted Advisor (according to the Well-Architected Framework). AMI IDs are not checked by AWS Config, so you need to ensure that you are using the correct AMI ID for the region that you are in.
188. What is a common use case for AWS Config?
- A. View compliance status of API calls made in the environment.
- B. View compliance status of services based on logs.
- C. View compliance status for configurations across multiple AWS accounts.
- D. View compliance status of password policy in AWS IAM.
Answer - C
Explanation - You can use AWS Config as an enterprise configuration management tool. It allows you to view the compliance status for configurations across multiple AWS accounts. It does not provide compliance status based on API calls, logs, or password policies.
189. What is a common use case for AWS Config?
- A. Improve change management capabilities and tracking.
- B. Improve security assessment capabilities.
- C. Improve monitoring of logs.
- D. Improve monitoring of APIs.
Answer - A
Explanation - AWS Config can help you mature your change management program as you can track what changes were made by whom, and if they cause an outage, you can see if the change was actually an approved change. Security assessments are performed by Amazon Inspector. Logs are monitored by Amazon CloudWatch, and APIs are monitored by AWS CloudTrail.
190. What is a common use case for Amazon Inspector?
- A. Identify exploits on the network.
- B. Identifying vulnerabilities in applications
- C. Identifying best practices according to the Well-Architected Framework
- D. Identifying configuration changes in your environment
Answer - B
Explanation - Amazon Inspector allows you to inspect applications from the beginning of development to an application that’s in production to minimize vulnerabilities as much as possible. Amazon GuardDuty monitors and identifies exploit traffic on the network. AWS Trusted Advisor gives you best practices according to the Well-Architected Framework. AWS Config helps you to identify configuration changes in your environment.
191. What is a common use case for Amazon Inspector?
- A. Assess configurations for changes to your environment.
- B. Assess the API calls in your environment for API usage that is not secure.
- C. Alert you to a misconfiguration on a NACL that would prevent outbound traffic.
- D. Assess your AWS environment against security best practices.
Answer - D
Explanation - Amazon Inspector can be used to assess your AWS environment against security best practices. Configuration changes are monitored by AWS Config; API calls are monitored by AWS CloudTrail, though not for security-specific incidents. Finally, while Amazon Inspector can tell you if there might be an inbound misconfiguration, it is not designed to tell you if there is an outbound configuration issue with a NACL.
192. What is a common use case for Amazon Inspector?
- A. Identify attack traffic on the network.
- B. Monitor API calls being used in your environment.
- C. Perform assessments within the CI/CD pipeline.
- D. Identify configuration changes that have occurred.
Answer - C
Explanation - In DevSecOps, you move security assessments to the left so that they occur earlier in the process. Since Amazon Inspector is API driven, you can have it perform a security assessment whenever a new release is checked into source control. Amazon GuardDuty identifies malicious traffic on the network. AWS CloudTrail is used to monitor API calls, and AWS Config is used to identify configuration changes.
193. What is a common use case for Amazon Inspector?
- A. Validate security best practices during application development.
- B. Validate that current patch levels are correct and patch if they are not.
- C. Validate that user access for AWS services is appropriate.
- D. Validate that configurations meet your organization’s baselines.
Answer - A
Explanation - Since the results of the assessments done by Amazon Inspector can be made visible to your security team, you are better able to validate that you are following security best practices. Validating patch levels and installing patches is done by Patch Manager, a component of AWS Systems Manager. Validating that the user access is appropriate is something that should be done via your IAM team. Validating configurations against organizational baselines is done with AWS Config.
194. What is a common use case for Amazon Inspector?
- A. Support development shops that use Waterfall methodology.
- B. Support development shops that use Agile methodology.
- C. Monitor API calls for insecure requests.
- D. Monitor for unauthorized configuration changes.
Answer - B
Explanation - With Amazon Inspector, you can better support your developers who use Agile methodology. Agile stresses small frequent releases, and Amazon Inspector can scan each of these incremental releases for issues before they make it to production. Fixes can be produced quickly and released. Waterfall is an old methodology that relies on less frequent and larger releases, and it makes fixing new security issues more difficult. AWS CloudTrail is used to monitor API calls, though you would have to define what an insecure request is. Configuration changes are monitored by AWS Config.
195. What is a common use case for Amazon Inspector?
- A. Patch machines that are not on the current patch level.
- B. Monitor your network for intrusions.
- C. Define the standards or best practices that your applications must adhere to.
- D. Compare best practices of the Well-Architected Framework to the current state.
Answer - C
Explanation - With Amazon Inspector, you can define which standards your applications must adhere to. For example, if you are writing an application for processing credit cards, you can set Amazon Inspector to perform an assessment for PCI-DSS compliance. Patching is done by Patch Manager, a component of AWS Systems Manager. Network intrusions can be found by Amazon GuardDuty, and Trusted Advisor is used to compare your environment to Well-Architected Framework best practices.
196. Which of these responses is a benefit of Amazon GuardDuty?
- A. Compare the environment to the best practices laid out in the Well-Architected Framework.
- B. Perform security assessments.
- C. Identify threats on the network.
- D. Maintain patch levels for systems.
Answer - C
Explanation - Amazon GuardDuty identifies network threats and even suspicious account activity. AWS Trusted Advisor compares your existing environment to best practices laid out in the Well-Architected Framework. Security assessments are performed by Amazon Inspector. Patch levels are maintained by Patch Manager, a component of AWS Systems Manager.
197. Which of these responses is a benefit of Amazon GuardDuty?
- A. Automated responses to identified threats
- B. Identification of stale user accounts
- C. Identification of users/groups with excessive permissions
- D. Automated security assessments
Answer - A
Explanation - Amazon GuardDuty not only identifies threats on your network, it can automatically respond to those threats as well. Identifying stale user accounts or users/groups with excessive permissions is something that should be done by your IAM team, utilizing AWS IAM. Automated security assessments are performed by Amazon Inspector.
198. Which of these responses is a benefit of Amazon GuardDuty?
- A. Maintain desired patch levels.
- B. Manage encryption keys for your AWS environment.
- C. Support a single AWS account.
- D. Support multiple AWS accounts.
Answer - D
Explanation - Amazon GuardDuty can support multiple AWS accounts, giving visibility across your enterprise. Patching is handled by Patch Manager, a component of AWS Systems Manager. Encryption keys are managed by AWS Key Management Service (KMS).
199. Your security department has approached you wanting to have a centralized view of all identified network threats in your AWS environment. What would be the best product to give them that visibility?
- A. Amazon Inspector
- B. AWS Trusted Advisor
- C. Amazon GuardDuty
- D. Amazon QuickSight
Answer - C
Explanation - Amazon GuardDuty will give your security department the visibility they want into the identified threats in your AWS environment. Amazon Inspector is used for security assessments, AWS Trusted Advisor is used to compare against best practices laid out in the Well-Architected Framework, and Amazon QuickSight is used to create visualizations of the data in your AWS environment but is not focused on visualization of network threats.
200. Your security department has approached you about monitoring suspicious user activity in AWS. What would be the best product to give them that visibility?
- A. Amazon GuardDuty
- B. AWS IAM
- C. AWS Directory Service
- D. AWS Organizations
Answer - A
Explanation - Amazon GuardDuty can monitor for suspicious user activity in addition to network threats. AWS IAM and AWS Directory Service are used to control user access but do not monitor for suspicious access. AWS Organizations is used to enforce policies across an organization and to provide visibility into logging across the organization.