nerdexam
ExamsSOA-C02Questions#398
AmazonAmazon

SOA-C02 · Question #398

SOA-C02 Question #398: Real Exam Question with Answer & Explanation

The correct answer is D: Turn on AWS CloudTrail. Generate a policy by using AWS Identity and Access Management. https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html#what-is- access-analyzer-policy-generation

Submitted by kevin_r· Mar 30, 2026

Question

A company's application currently uses an IAM role that allows all access to all AWS services. A SysOps administrator must ensure that the company's IAM policies allow only the permissions that the application requires. How can the SysOps administrator create a policy to meet this requirement?

Options

  • ATurn on AWS CloudTrail. Generate a policy by using AWS Security Hub.
  • BTurn on Amazon EventBridge (Amazon CloudWatch Events). Generate a policy by using AWS
  • CUse the AWS CLI to run the get-generated-policy command in AWS Identity and Access
  • DTurn on AWS CloudTrail. Generate a policy by using AWS Identity and Access Management

Explanation

https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html#what-is- access-analyzer-policy-generation

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SOA-C02 PracticeBrowse All SOA-C02 Questions