Exam AWS Certified Security - Specialty topic 1 question 290 discussion

least amount of management overhead --> Answer D

Best answer is B. The ask is to " assess the impact of the exposed access key", which mean how the exposed access key has been used. Credential report does not include such information, it includes information about the credential itself..when it was created, last used, last changed. Not useful to assess the impact.

D, according to ChatGPT. "Here's why Option D is the best choice: - AWS IAM provides a credential report that contains details about the AWS access keys associated with your IAM users. - The credential report includes information such as when each access key was last used. - Analyzing this report is a straightforward and efficient way to determine the last usage of the exposed access key. - It does not involve setting up additional logs or searching through logs, which can be more time-consuming and complex."

to assess the impact of the exposed access key. -> search for the access key in CloudWatch Logs

Question says "The company needs to assess the impact of the exposed access key." How can you analyze the impact with IAM Report "last used" info ? It has to be B

B can be true only if CloudTrail was enabled. since it was not mentioned in the question i pick D.

both B&D seems correct options but 'D' has less managerial overhead

I agree that option D would be faster to check if the Access Key was used, but there is a gap of 4 hours to be generated. So, we could be looking at a past information. As CloudWatch is near real time, I would go for it - option B.

Question is to examine the ramifications of the revealed access key. can only be done via option B i.e. Analyze Amazon CloudWatch Logs for activity by searching for the access key. You can configure CloudTrail with CloudWatch Logs to monitor your trail logs and be notified when specific activity occurs. The credential report in AWS Identity and Access Management (IAM) can only see when the access key was last used hence the answer is B (Analyze Amazon CloudWatch Logs for activity by searching for the access key)

D is a fast and simple way to see if leaked credentials were accessed.

D - is the ans

D is the fastest and simplest way to see when it was last used , since it was deactivated as soon as it was reported, all you need is to see if the use time is later then the commit time.

D is correct access_key_1_last_used_region The AWS Region in which the access key was most recently used. When an access key is used more than once in a 15-minute span, only the first use is recorded in this field. The value in this field is N/A (not applicable) in these cases: The user does not have an access key. The access key has never been used. The access key was last used before IAM started tracking this information on April 22, 2015. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html The last used service is not Region-specific, such as Amazon S3.

"D" is right GetCredentialReport

Answer is D For those thinking about A - Bear in mind that TrustAdvisor can just notify you if your key is exposed and also check for existence of IAM user to discourage root access https://docs.aws.amazon.com/awssupport/latest/user/trusted-advisor-check-reference.html#exposed-access-keys