Answer-first summary for fast verification
Answer: The IAM credential report was generated within the past 4 hours.
The correct answer is A. The noncompliant status is likely because the IAM credential report was generated within the past 4 hours. AWS Config requires the credential report data to be updated, and this can only happen every 4 hours. Therefore, generating the report within this time frame can result in outdated information, causing all resources to appear as noncompliant.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A security engineer has recently rotated all IAM access keys in an AWS account and subsequently configured AWS Config to enable several managed rules, including mfa-enabled-for-iam-console-access, iam-user-mfa-enabled, access-keys-rotated, and iam-user-unused-credentials-check. Despite these actions, the security engineer observes that all resources are showing as noncompliant after invoking the IAM GenerateCredentialReport API operation. What might be a potential reason for these resources to be flagged as noncompliant?
A
The IAM credential report was generated within the past 4 hours.
B
The security engineer does not have the GenerateCredentialReport permission.
C
The security engineer does not have the GetCredentialReport permission.
D
The AWS Config rules have a MaximumExecutionFrequency value of 24 hours.