Which RQL query is used to detect certain high-risk activities executed by a root user in AWS? A. event from cloud.audit_logs where operation IN ( 'ChangePassword', 'ConsoleLogin', 'DeactivateMFADevice', 'DeleteAccessKey' , 'DeleteAlarms' ) AND user = 'root' B. event from cloud.security_logs where operation IN ( 'ChangePassword', 'ConsoleLogin', 'DeactivateMFADevice', 'DeleteAccessKey' , 'DeleteAlarms' ) AND user = 'root' C. config from cloud.audit_logs where operation IN ( 'ChangePassword', 'ConsoleLogin', 'DeactivateMFADevice', 'DeleteAccessKey', 'DeleteAlarms' ) AND user = 'root' D. event from cloud.audit_logs where Risk.Level = 'high' AND user = 'root' Â Suggested Answer: A Community Answer: A This question is in PCCSE Palo Alto Networks Certified Cloud Security Engineer Exam For getting Palo Alto Networks Certified Cloud Security Engineer (PCCSE) Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by Palo Alto Networks. Trademarks, certification & product names are used for reference only and belong to Palo Alto Networks. The website does not contain actual questions and answers from Palo Alto Networks's Certification Exams.
Please login or Register to submit your answer