nerdexam
Amazon

DVA-C02 · Question #799

A company's AWS environment includes Amazon S3 buckets, Amazon EC2 instances, and AWS Lambda functions. A developer needs to systematically analyze IAM policies and the AWS resources in the environmen

The correct answer is C. Run AWS IAM Access Analyzer on applicable IAM roles.. IAM Access Analyzer evaluates IAM policies and analyzes actual access paths to AWS resources, identifying permissions that allow unintended or overly broad access. It also provides actionable findings and recommendations to help tighten permissions, all with minimal setup and ope

Submitted by andres_qro· Mar 5, 2026Security

Question

A company's AWS environment includes Amazon S3 buckets, Amazon EC2 instances, and AWS Lambda functions. A developer needs to systematically analyze IAM policies and the AWS resources in the environment. The developer also must generate recommendations about how to tighten permissions that are identified as overly permissive. Which action will meet these requirements with the LEAST operational overhead?

Options

  • AInvestigate IAM policies in AWS Trusted Advisor.
  • BConfigure AWS Security Hub to send notifications about findings.
  • CRun AWS IAM Access Analyzer on applicable IAM roles.
  • DQuery AWS CloudTrail events for AWS service interactions.

How the community answered

(35 responses)
  • A
    6% (2)
  • B
    14% (5)
  • C
    77% (27)
  • D
    3% (1)

Explanation

IAM Access Analyzer evaluates IAM policies and analyzes actual access paths to AWS resources, identifying permissions that allow unintended or overly broad access. It also provides actionable findings and recommendations to help tighten permissions, all with minimal setup and operational overhead.

Community Discussion

No community discussion yet for this question.

Full DVA-C02 Practice