AWS Certified Security - Specialty (#41)

The Security team believes that a former employee may have gained unauthorized access to AWS resources sometime in the past 3 months by using an identified access key. What approach would enable the Security team to find out what the former employee may have done within AWS?

Use the AWS CloudTrail console to search for user activity.
Use the Amazon CloudWatch Logs console to filter CloudTrail data by user.
Use AWS Config to see what actions were taken by the user.
Use Amazon Athena to query CloudTrail logs stored in Amazon S3.