Amazon Exam SOA-C02 Topic 4 Question 89 Discussion

Actual exam question for Amazon's SOA-C02 exam

Question #: 89
Topic #: 4

A company's application currently uses an IAM role that allows all access to all AWS services. A SysOps administrator must ensure that the company's IAM policies allow only the permissions that the application requires.

How can the SysOps administrator create a policy to meet this requirement?

ATurn on AWS CloudTrail. Generate a policy by using AWS Security Hub.

BTurn on Amazon EventBridge (Amazon CloudWatch Events). Generate a policy by using AWS Identity and Access Management Access Analyzer.

CUse the AWS CLI to run the get-generated-policy command in AWS Identity and Access Management Access Analyzer.

DTurn on AWS CloudTrail. Generate a policy by using AWS Identity and Access Management Access Analyzer.

Show Suggested Answer

Suggested Answer: D

Generate a policy by using AWS Identity and Access Management Access Analyzer. AWS CloudTrail is a service that records all API calls made on your account. You can use this data to generate a policy with AWS Identity and Access Management Access Analyzer that only allows the permissions that the application requires. This will ensure that the application only has the necessary permissions and will protect the company from any unauthorized access.

https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html#what-is-access-analyzer-policy-generation

by Leontine at Apr 22, 2024, 09:58 PM

Limited Time Offer

25%

5 days ago

How can we create a policy to limit the permissions?

upvoted 0 times

Claribel

6 hours ago

A) Turn on AWS CloudTrail. Generate a policy by using AWS Security Hub.

upvoted 0 times

...