A company wants to improve the security posture of their AWS Organizations environment. They need to automatically detect unintended public access to S3 buckets and ensure that all IAM users have MFA enabled. Which TWO services should they use to achieve this? (Select TWO)

Answer options:

AWS IAM Access Analyzer

Amazon Inspector

AWS Security Hub

AWS Shield Advanced

AWS WAF

Amazon Detective

How to approach this question

Identify the service for resource access analysis and the service for compliance posture management.

Full Answer

IAM Access Analyzer detects public or cross-account access to resources like S3. Security Hub runs automated security checks (like the CIS AWS Foundations Benchmark) which flags users without MFA.

Common mistakes

Selecting Inspector, which is for OS/container vulnerabilities.

Question 47 All questions Question 49

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 6

75 questions · hints · full answers · grading

More questions from this exam

Q01A global enterprise requires highly available hybrid connectivity between its on-premises data ce...Hard Q02An organization has 50 VPCs across two AWS Regions connected via Transit Gateways (TGW). The TGWs...Hard Q03A company uses AWS Organizations. The network team wants to share a central Transit Gateway (TGW)...Medium Q04An enterprise has on-premises data centers in the US and Europe. They want to use the AWS global ...Hard Q05A company requires that all API calls to Amazon S3 from their VPC must not traverse the public in...Medium

View all 75 questions →