🔥 3-day streak
AWS Certified SysOps Administrator - Associate91 / 150
Question 91 of 150
A SysOps administrator is conducting a quarterly access review for a large AWS account. Security policy requires identifying IAM roles that have permissions granted but have not been used within the last 90 days, so that unnecessary privileges can be removed to enforce least privilege. The administrator wants a managed, automated way to surface these findings without writing custom scripts to parse CloudTrail logs. Which approach should be used?
Reviewed for accuracy · Report an issueNext question