DVA-C02 · Question #799
A company's AWS environment includes Amazon S3 buckets, Amazon EC2 instances, and AWS Lambda functions. A developer needs to systematically analyze IAM policies and the AWS resources in the environmen
The correct answer is C. Run AWS IAM Access Analyzer on applicable IAM roles.. IAM Access Analyzer evaluates IAM policies and analyzes actual access paths to AWS resources, identifying permissions that allow unintended or overly broad access. It also provides actionable findings and recommendations to help tighten permissions, all with minimal setup and ope
Question
A company's AWS environment includes Amazon S3 buckets, Amazon EC2 instances, and AWS Lambda functions. A developer needs to systematically analyze IAM policies and the AWS resources in the environment. The developer also must generate recommendations about how to tighten permissions that are identified as overly permissive. Which action will meet these requirements with the LEAST operational overhead?
Options
- AInvestigate IAM policies in AWS Trusted Advisor.
- BConfigure AWS Security Hub to send notifications about findings.
- CRun AWS IAM Access Analyzer on applicable IAM roles.
- DQuery AWS CloudTrail events for AWS service interactions.
How the community answered
(35 responses)- A6% (2)
- B14% (5)
- C77% (27)
- D3% (1)
Explanation
IAM Access Analyzer evaluates IAM policies and analyzes actual access paths to AWS resources, identifying permissions that allow unintended or overly broad access. It also provides actionable findings and recommendations to help tighten permissions, all with minimal setup and operational overhead.
Community Discussion
No community discussion yet for this question.