A Security Engineer has been asked to create an automated process to disable IAM user access keys that are more than three months old. Which of the following options should the Security Engineer use?
A) In the AWS Console, choose the IAM service and select "Users". Review the "Access Key Age" column.
B) Define an IAM policy that denies access if the key age is more than three months and apply to all users.
C) Write a script that uses the GenerateCredentialReport, GetCredentialReport, and UpdateAccessKey APIs.
D) Create an Amazon CloudWatch alarm to detect aged access keys and use an AWS Lambda function to disable the keys older than 90 days.
Correct Answer:
Verified
Q110: What is the function of the following
Q111: Due to new compliance requirements, a Security
Q112: During a recent security audit, it was
Q113: The Information Technology department has stopped using
Q114: A company has a forensic logging use
Q116: A company has multiple VPCs in their
Q117: A Developer's laptop was stolen. The laptop
Q118: For compliance reasons, an organization limits the
Q119: A distributed web application is installed across
Q120: A company recently experienced a DDoS attack
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents