
SAA-C03 Question #777: Real Exam Question with Answer & Explanation

The correct answer is C: Create an AWS Config rule to check for the key age. Define an Amazon EventBridge rule to.

Submitted by skyler.x · Mar 4, 2026 · Design Secure Architectures

Question

A security team needs to enforce the rotation of all IAM users' access keys every 90 days. If an access key is found to be older, the key must be made inactive and removed. A solutions architect must create a solution that will check for and remediate any keys older than 90 days. Which solution meets these requirements with the LEAST operational effort?

Options

  • A. Create an AWS Config rule to check for the key age. Configure the AWS Config rule to run an
  • B. Create an Amazon EventBridge rule to check for the key age. Configure the rule to run an AWS
  • C. Create an AWS Config rule to check for the key age. Define an Amazon EventBridge rule to
  • D. Create an Amazon EventBridge rule to check for the key age. Define an EventBridge rule to run

Explanation

AWS Config provides a managed rule to check IAM access key age. By combining it with an EventBridge-scheduled Lambda function to deactivate and remove keys older than 90 days, the solution enforces rotation automatically with minimal operational overhead, without needing to manage batch jobs or custom scripts.
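The remediation half of that design, sketched as an added example (not code from this page or from AWS): a Lambda handler that an EventBridge schedule could invoke to deactivate and then delete keys older than 90 days. The function names are hypothetical, and the execution role is assumed to allow `iam:ListUsers`, `iam:ListAccessKeys`, `iam:UpdateAccessKey` and `iam:DeleteAccessKey`.

```python
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)  # rotation window stated in the question


def remediate_old_keys(iam, now=None, max_age=MAX_KEY_AGE):
    """Deactivate, then delete, every IAM user access key older than max_age.

    `iam` is a boto3 IAM client (or a stand-in exposing the same methods).
    Returns a list of (user_name, access_key_id, age_in_days) for removed keys.
    """
    now = now or datetime.now(timezone.utc)
    removed = []
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            key_pages = iam.get_paginator("list_access_keys").paginate(UserName=name)
            for key_page in key_pages:
                for key in key_page["AccessKeyMetadata"]:
                    age = now - key["CreateDate"]
                    if age <= max_age:
                        continue  # exactly 90 days old is not yet "older"
                    key_id = key["AccessKeyId"]
                    # Make the key inactive first so the audit trail records
                    # the deactivation before the key is removed.
                    if key["Status"] == "Active":
                        iam.update_access_key(
                            UserName=name, AccessKeyId=key_id, Status="Inactive"
                        )
                    iam.delete_access_key(UserName=name, AccessKeyId=key_id)
                    removed.append((name, key_id, age.days))
    return removed


def lambda_handler(event, context):
    """Entry point for the scheduled invocation (hypothetical handler name)."""
    import boto3  # provided by the Lambda Python runtime

    removed = remediate_old_keys(boto3.client("iam"))
    for name, key_id, days in removed:
        print(f"removed access key {key_id} of user {name} ({days} days old)")
    return {"removed": len(removed)}
```

Passing the client in as a parameter lets the age logic be exercised against a stub before the function is given delete permissions in a real account.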
