  • Question from SAA practice exam 4 – Config

  • SeanB

    Member
    March 10, 2023 at 10:01 am

    Question from SAA practice exam 4

    A company has a team of developers that provisions their own resources on the AWS cloud. The developers use IAM user access keys to automate their resource provisioning and application testing processes in AWS. To ensure proper security compliance, the security team wants to automate the process of deactivating and deleting any IAM user access key that is over 90 days old.

    Which solution will meet these requirements with the LEAST operational effort?

    The correct answer

    Use the AWS Config managed rule to check if the IAM user access keys are not rotated within 90 days. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for the non-compliant keys, and define a target to invoke a custom Lambda function to deactivate and delete the keys.

    Was hoping for just a touch of clarity. I understand Config is the correct service to use in this case; however, I did not select this option because the solution mentions any key that has not been rotated in 90 days. In this case the request was any key that is over 90 days old. I was of the belief access key age is not the same as how long since the key has been rotated. I guess access key age and days since rotation are the same thing?

  • fahd

    Member
    March 18, 2023 at 1:59 am

    When you rotate your access keys, you create a new one to replace the old one. The key itself is not rotated. The old key is deleted.
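Added example, not part of the thread or of either post: a sketch of the custom Lambda logic the quoted answer describes, showing that the age test is made against each key's `CreateDate`. The `userName` event field, the `FakeIAM` stub and the sample key IDs are assumptions constructed for illustration; the three IAM client calls are the real boto3 operations.

```python
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)  # threshold from the exam question


def expire_old_keys(iam, user_name, now=None, max_age=MAX_KEY_AGE):
    """Deactivate, then delete, each access key of user_name older than max_age.
    Age is measured from CreateDate. A key is never changed in place, so
    "not rotated in 90 days" and "over 90 days old" are the same check.
    """
    now = now or datetime.now(timezone.utc)
    removed = []
    for key in iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]:
        if now - key["CreateDate"] <= max_age:
            continue  # within the allowed age, leave it alone
        key_id = key["AccessKeyId"]
        # Deactivate first so the key stops working even if deletion fails.
        iam.update_access_key(UserName=user_name, AccessKeyId=key_id, Status="Inactive")
        iam.delete_access_key(UserName=user_name, AccessKeyId=key_id)
        removed.append(key_id)
    return removed


def lambda_handler(event, context):
    # Assumption: the EventBridge target input is shaped as {"userName": "..."}.
    import boto3  # imported here so the logic above can be tested without AWS
    return {"removed": expire_old_keys(boto3.client("iam"), event["userName"])}


class FakeIAM:
    """Constructed in-memory stand-in for the boto3 IAM client (sample data)."""
    def __init__(self, keys):
        self.keys, self.calls = list(keys), []

    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [k for k in self.keys if k["UserName"] == UserName]}

    def update_access_key(self, UserName, AccessKeyId, Status):
        self.calls.append(("update", AccessKeyId, Status))

    def delete_access_key(self, UserName, AccessKeyId):
        self.calls.append(("delete", AccessKeyId))
        self.keys = [k for k in self.keys if k["AccessKeyId"] != AccessKeyId]


def sample_keys(now):  # constructed key metadata for user "dev1"
    return [{"UserName": "dev1", "AccessKeyId": kid, "Status": "Active",
             "CreateDate": now - timedelta(days=age)}
            for kid, age in (("AKIAEXAMPLEOLD", 120), ("AKIAEXAMPLENEW", 5))]
```

A key created exactly 90 days ago is kept, since the requirement is "over 90 days old".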
