ExpertHard1 markMultiple Choice
AWS SAP-C02 · Question 48 · Domain 3.2: Security Improvement
A company wants to improve the security posture of their AWS Organizations environment. They need to automatically detect unintended public access to S3 buckets and ensure that all IAM users have MFA enabled. Which TWO services should they use to achieve this? (Select TWO)
A company wants to improve the security posture of their AWS Organizations environment. They need to automatically detect unintended public access to S3 buckets and ensure that all IAM users have MFA enabled. Which TWO services should they use to achieve this? (Select TWO)
Answer options:
A.
AWS IAM Access Analyzer
B.
Amazon Inspector
C.
AWS Security Hub
D.
AWS Shield Advanced
E.
AWS WAF
F.
Amazon Detective
How to approach this question
Identify the service for resource access analysis and the service for compliance posture management.
Full Answer
A, C
IAM Access Analyzer detects public or cross-account access to resources like S3. Security Hub runs automated security checks (like the CIS AWS Foundations Benchmark) which flags users without MFA.
Common mistakes
Selecting Inspector, which is for OS/container vulnerabilities.
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 6
75 questions · hints · full answers · grading
More questions from this exam
Q01A global enterprise requires highly available hybrid connectivity between its on-premises data ce...HardQ02An organization has 50 VPCs across two AWS Regions connected via Transit Gateways (TGW). The TGWs...HardQ03A company uses AWS Organizations. The network team wants to share a central Transit Gateway (TGW)...MediumQ04An enterprise has on-premises data centers in the US and Europe. They want to use the AWS global ...HardQ05A company requires that all API calls to Amazon S3 from their VPC must not traverse the public in...Medium