🔥 3-day streak
AWS Certified Security - Specialty55 / 157
Question 55 of 157

A security engineer at a large enterprise must enforce least privilege across 200 AWS accounts in an AWS Organization. Leadership wants an ongoing, automated way to identify IAM roles and users that have permissions they are not actually using (unused access), and to generate refined policies based on observed CloudTrail activity, so that overly broad policies can be tightened. Which approach best meets these requirements with the least custom development?

Reviewed for accuracy · Report an issueNext question