Exam AWS Certified SysOps Administrator - Associate topic 1 question 221 discussion

Exam question from Amazon's AWS Certified SysOps Administrator - Associate

Question #: 221
Topic #: 1

[All AWS Certified SysOps Administrator - Associate Questions]

A company’s application currently uses an IAM role that allows all access to all AWS services. A SysOps administrator must ensure that the company’s IAM policies allow only the permissions that the application requires.

How can the SysOps administrator create a policy to meet this requirement?

A. Turn on AWS CloudTrail. Generate a policy by using AWS Security Hub.
B. Turn on Amazon EventBridge (Amazon CloudWatch Events). Generate a policy by using AWS Identity and Access Management Access Analyzer.
C. Use the AWS CLI to run the get-generated-policy command in AWS Identity and Access Management Access Analyzer.
D. Turn on AWS CloudTrail. Generate a policy by using AWS Identity and Access Management Access Analyzer.

Show Suggested Answer

Suggested Answer: D 🗳️

by zolthar_z at Jan. 3, 2023, 3:12 p.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

Christina666

Highly Voted 10 months, 1 week ago

Selected Answer: D

IAM Access Analyzer analyzes your AWS CloudTrail logs to identify actions and services that have been used by an IAM entity (user or role) within your specified date range. It then generates an IAM policy that is based on that access activity. You can use the generated policy to refine an entity's permissions by attaching it to an IAM user or role.

upvoted 9 times

...

zolthar_z

Most Recent 1 year, 4 months ago

Selected Answer: D

Ans is D, https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html#what-is-access-analyzer-policy-generation

upvoted 3 times

...