Hard · 1 mark · Multiple Choice
AWS SAP-C02 · Question 44 · Domain 3.2: Security Improvement
A security audit reveals that IAM users have overly permissive policies. The security team wants to automatically analyze CloudTrail logs to generate least-privilege IAM policies based on actual usage over the last 90 days. Which tool should they use?
Answer options:
A. AWS Trusted Advisor
B. IAM Access Analyzer policy generation
C. AWS Config
D. Amazon Macie
How to approach this question
Identify the IAM feature that analyzes logs to create policies.
Full Answer
B. IAM Access Analyzer policy generation ✓ Correct
IAM Access Analyzer policy generation creates policies based on access activity recorded in AWS CloudTrail.
Common mistakes
Not knowing that Access Analyzer has a policy generation feature.