
Exam AWS DevOps Engineer Professional topic 1 question 207 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 207
Topic #: 1

A company grants external users access to its AWS account by creating an IAM user for each external user. A DevOps engineer must implement a solution to revoke access from IAM users that have not accessed the account in 90 days.

Which solution will meet these requirements?

  • A. Turn on AWS Config in the AWS account. Deploy the iam-user-unused-credentials-check AWS Config managed rule. Configure the rule to run periodically. Configure AWS Config automatic remediation to run the AWSConfigRemediation-RevokeUnusedIAMUserCredentials AWS Systems Manager Automation runbook.
  • B. Use AWS Identity and Access Management Access Analyzer to create an analyzer in the AWS account. Create an Amazon EventBridge rule to match IAM Access Analyzer events for IAM users that were last accessed more than 90 days ago. Configure the rule to run the AWSConfigRemediation-DetachIAMPolicy AWS Systems Manager Automation runbook to detach any policies that are attached to the IAM user.
  • C. Enable AWS Trusted Advisor in the AWS account. Use the AWS Developer Support plan to access the AWS Support API. Configure an Amazon EventBridge scheduled rule to use the Support API’s Trusted Advisor IAM Access Key Rotation check to discover IAM credentials that have not been accessed for more than 90 days. Configure another EventBridge rule to use the Trusted Advisor Check Item Refresh Status event type and to run the AWSConfigRemediation-RevokeUnusedIAMUserCredentials AWS Systems Manager Automation runbook.
  • D. Enable AWS Security Hub in the AWS account. Configure a Security Hub rule that determines when an IAM user was last accessed. Configure an Amazon EventBridge rule to match the Security Hub rule and to run the AWSConfigRemediation-RevokeUnusedIAMUserCredentials AWS Systems Manager Automation runbook.
Suggested Answer: A
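The combination option A describes (a periodic managed Config rule plus automatic remediation through the Systems Manager runbook) as a CloudFormation template. This is an added example, not part of the exam page: it assumes the AWS Config recorder and delivery channel already exist in the account, and RemediationRoleArn is a hypothetical pre-existing role the runbook assumes. The runbook revokes the unused credentials (access keys and console password) rather than deleting the IAM user itself.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example: flag IAM users whose password or access keys have gone
  unused for 90 days and revoke those credentials automatically.
  Assumes AWS Config is already recording in this account.

Parameters:
  RemediationRoleArn:
    Type: String
    Description: >-
      Hypothetical existing IAM role that the Automation runbook assumes.
      Grant it only the IAM permissions the runbook documents, scoped to
      the external users' path or tag where possible.

Resources:
  UnusedCredentialsRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: iam-user-unused-credentials-check
      Source:
        Owner: AWS
        SourceIdentifier: IAM_USER_UNUSED_CREDENTIALS_CHECK
      # Periodic rule: evaluated on a schedule, not on configuration change.
      MaximumExecutionFrequency: TwentyFour_Hours
      InputParameters:
        maxCredentialUsageAge: '90'

  RevokeUnusedCredentials:
    Type: AWS::Config::RemediationConfiguration
    Properties:
      ConfigRuleName: !Ref UnusedCredentialsRule
      TargetType: SSM_DOCUMENT
      TargetId: AWSConfigRemediation-RevokeUnusedIAMUserCredentials
      # Automatic remediation needs both retry settings below.
      Automatic: true
      MaximumAutomaticAttempts: 3
      RetryAttemptSeconds: 60
      Parameters:
        AutomationAssumeRole:
          StaticValue:
            Values:
              - !Ref RemediationRoleArn
        # RESOURCE_ID is the non-compliant IAM user's unique ID as Config records it.
        IAMResourceId:
          ResourceValue:
            Value: RESOURCE_ID
        MaxCredentialUsageAge:
          StaticValue:
            Values:
              - '90'
```

Review the rule's non-compliant resources for a cycle with Automatic set to false before enabling automatic remediation, so break-glass or service users are excluded deliberately rather than discovered after their keys are deactivated.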

Comments

CloudFloater
Highly Voted 2 years, 1 month ago
Selected Answer: A
Option A: correct; revokes unused IAM credentials. Option B: does not revoke; detaches policies for inactive IAM users. Option C: does not revoke; uses Trusted Advisor to discover inactive IAM credentials. Option D: does not revoke; determines last IAM access.
upvoted 5 times
stalos
Most Recent 2 years, 1 month ago
The answer is A.
upvoted 1 times
Mark1000
2 years, 1 month ago
I vote for A
upvoted 2 times
saeidp
2 years, 1 month ago
A seems correct https://docs.aws.amazon.com/config/latest/developerguide/iam-user-unused-credentials-check.html
upvoted 2 times
ds50421
2 years, 1 month ago
Selected Answer: B
B is the answer.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other