SCS-C02 Question #68: Real Exam Question with Answer & Explanation
The correct answer is C: Use AWS Identity and Access Management Access Analyzer to review last accessed information.
https://aws.amazon.com/iam/features/analyze-access/
https://aws.amazon.com/blogs/security/iam-access-analyzer-makes-it-simpler-to-author-and-validate-role-trust-policies/
Question
A security engineer for a company wants to maintain all IAM users and roles according to the principle of least privilege. The security engineer plans to audit the IAM permissions once every 365 days. The security engineer must view the permissions that each IAM identity used in the last 365 days and must remove any unused permissions. Which solution will meet these requirements?
Options
- A. Use AWS CloudTrail logs to review IAM identity actions and to remove unused permissions.
- B. Use AWS Config to review configuration changes by each IAM identity and to remove unused
- C. Use AWS Identity and Access Management Access Analyzer to review last accessed information
- D. Use AWS Trusted Advisor to check the IAM identities that have elevated permissions and to
Explanation
https://aws.amazon.com/iam/features/analyze-access/
https://aws.amazon.com/blogs/security/iam-access-analyzer-makes-it-simpler-to-author-and-validate-role-trust-policies/