ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified SysOps Administrator - Associate All Questions

View all questions & answers for the AWS Certified SysOps Administrator - Associate exam
Go to Exam

Exam AWS Certified SysOps Administrator - Associate topic 1 question 134 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate
Question #: 134
Topic #: 1
[All AWS Certified SysOps Administrator - Associate Questions]

A company requires that all IAM user accounts that have not been used for 90 days or more must have their access keys and passwords immediately disabled. A SysOps administrator must automate the process of disabling unused keys using the MOST operationally efficient method.

How should the SysOps administrator implement this solution?

  • A. Create an AWS Step Functions workflow to identify IAM users that have not been active for 90 days. Run an AWS Lambda function when a scheduled Amazon EventBridge (Amazon CloudWatch Events) rule is invoked to automatically remove the AWS access keys and passwords for these IAM users.
  • B. Configure an AWS Config rule to identify IAM users that have not been active for 90 days. Set up an automatic weekly batch process on an Amazon EC2 instance to disable the AWS access keys and passwords for these IAM users.
  • C. Develop and run a Python script on an Amazon EC2 instance to programmatically identify IAM users that have not been active for 90 days. Automatically delete these IAM users.
  • D. Set up an AWS Config managed rule to identify IAM users that have not been active for 90 days. Set up an AWS Systems Manager automation runbook to disable the AWS access keys for these IAM users.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by marcelodba at Nov. 27, 2022, 4:01 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ede83d8
6 months, 2 weeks ago
Selected Answer: D
AWSConfigRemediation-DeleteIAMUser
upvoted 1 times
...
Christina666
1 year ago
Selected Answer: D
Checks if your AWS Identity and Access Management (IAM) users have passwords or active access keys that have not been used within the specified number of days you provided. The rule is NON_COMPLIANT if there are inactive accounts not recently used.
upvoted 1 times
...
Tony183
1 year, 1 month ago
Selected Answer: D
DDDDDDDD
upvoted 2 times
...
michaldavid
1 year, 8 months ago
Selected Answer: D
ddddddd
upvoted 2 times
...
Pepepep
1 year, 8 months ago
D. https://docs.aws.amazon.com/config/latest/developerguide/iam-user-unused-credentials-check.html
upvoted 4 times
...
marcelodba
1 year, 8 months ago
Selected Answer: D
I'll go for D
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel