🔥 3-day streak
AWS Certified DevOps Engineer - Professional173 / 204
Question 173 of 204

A financial services company must continuously detect any IAM roles, S3 buckets, KMS keys, or other resources across their AWS Organization that grant access to external principals (accounts outside the organization). The security team wants a fully managed solution that generates findings when such external access is detected, aggregates them centrally, and requires minimal custom code. Auditors also require evidence that findings are reviewed and archived when access is intentional. Which approach BEST meets these requirements?

Reviewed for accuracy · Report an issueNext question