A security team is conducting an audit of their AWS environment. They want to identify any IAM roles that have been granted permissions they haven't used in the last 90 days, so they can implement least privilege. Which AWS service or feature provides this specific capability?

Answer options:

AWS CloudTrail

AWS Trusted Advisor

IAM Access Analyzer

Amazon GuardDuty

How to approach this question

Identify the service designed for IAM policy generation and unused permission analysis.

Full Answer

C.IAM Access Analyzer✓ Correct

IAM Access Analyzer helps you implement least privilege by generating IAM policies based on the access activity of your roles. It identifies permissions that have not been used over a specified period (e.g., 90 days).

Common mistakes

Choosing CloudTrail, which requires manual log analysis.

Question 36 All questions Question 38

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 4

75 questions · hints · full answers · grading

More questions from this exam

Q01A global enterprise is redesigning its network architecture across 50 AWS accounts. They require ...Hard Q02A financial services company uses AWS Organizations to manage 100+ accounts. The security team ma...Medium Q03An e-commerce company requires a multi-region active-active architecture for its critical order p...Medium Q04A company is setting up a new AWS environment using AWS Control Tower. They need to ensure that a...Hard Q05An enterprise has 50 AWS accounts under AWS Organizations. They want to implement a chargeback mo...Medium

View all 75 questions →