The correct option is Type the search term "copilot" in the organization audit log to list all Copilot usage and policy events.

The organization audit log supports searching by keywords and action categories, so entering the word copilot returns Copilot related events such as enablement and disablement, team and organization policy changes, and configuration updates. This meets the administrators need to see who turned Copilot on or off, which teams can use it, and any changes to related security policies directly in the organization settings.

Export the entire audit log and analyze it offline because GitHub does not offer filters specific to Copilot is incorrect because the audit log UI supports searching for Copilot activity, so exporting everything is unnecessary for this task.

Use the GitHub API because Copilot audit events are not visible in the GitHub web interface is incorrect because Copilot events are visible and searchable in the organization audit log in the web interface. The API is optional rather than required.

Stream audit logs to Cloud Logging and search there since organization settings cannot filter Copilot events is incorrect because the organization audit log can already surface Copilot events. Streaming is intended for long term ingestion and GitHub streams to integrations such as Google Cloud Pub or Azure Event Hubs rather than directly to Cloud Logging.

Full AWS Practitioner Certification Question