SCS-C02 · Question #413
SCS-C02 Question #413: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #413. The question stem and answer options stay visible for context.
Question
A security engineer is designing an IAM policy for a script that will use the AWS CLI. The script currently assumes an IAM role that is attached to three AWS managed IAM policies: AmazonEC2FullAccess, AmazonDynamoDBFullAccess, and AmazonVPCFullAccess. The security engineer needs to construct a least privilege IAM policy that will replace the AWS managed IAM policies that are attached to this role. Which solution will meet these requirements in the MOST operationally efficient way?
Options
- AIn AWS CloudTrail, create a trail for management events. Run the script with the existing AWS
- BRemove the existing AWS managed IAM policies from the role. Attach the IAM Access Analyzer
- CCreate an account analyzer in IAM Access Analyzer. Create an archive rule that has a filter that
- DIn AWS CloudTrail, create a trail for management events. Remove the existing AWS managed
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.