🔥 3-day streak
AWS Certified CloudOps Engineer - Associate96 / 159
Question 96 of 159
A CloudOps engineer is tasked with tightening IAM permissions across a single AWS account. The security team wants to identify IAM roles and users that have permissions they have not used in the last 90 days, so those excess permissions can be removed to enforce least privilege. The engineer wants a native, low-maintenance AWS solution that automatically surfaces these findings without writing custom scripts to parse logs. Which approach should the engineer implement?
Reviewed for accuracy · Report an issueNext question