ExpertEasy1 markMultiple Choice
AWS SAP-C02 · Question 37 · Domain 3.2: Security Improvement
A security team is conducting an audit of their AWS environment. They want to identify any IAM roles that have been granted permissions they haven't used in the last 90 days, so they can implement least privilege. Which AWS service or feature provides this specific capability?
A security team is conducting an audit of their AWS environment. They want to identify any IAM roles that have been granted permissions they haven't used in the last 90 days, so they can implement least privilege. Which AWS service or feature provides this specific capability?
Answer options:
A.
AWS CloudTrail
B.
AWS Trusted Advisor
C.
IAM Access Analyzer
D.
Amazon GuardDuty
How to approach this question
Identify the service designed for IAM policy generation and unused permission analysis.
Full Answer
C.IAM Access Analyzer✓ Correct
IAM Access Analyzer
IAM Access Analyzer helps you implement least privilege by generating IAM policies based on the access activity of your roles. It identifies permissions that have not been used over a specified period (e.g., 90 days).
Common mistakes
Choosing CloudTrail, which requires manual log analysis.
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 4
75 questions · hints · full answers · grading
More questions from this exam
Q01A global enterprise is redesigning its network architecture across 50 AWS accounts. They require ...HardQ02A financial services company uses AWS Organizations to manage 100+ accounts. The security team ma...MediumQ03An e-commerce company requires a multi-region active-active architecture for its critical order p...MediumQ04A company is setting up a new AWS environment using AWS Control Tower. They need to ensure that a...HardQ05An enterprise has 50 AWS accounts under AWS Organizations. They want to implement a chargeback mo...Medium