
Answer-first summary for fast verification
Answer: Deploy an AWS Config managed rule to run daily, selecting the access-keys-rotated rule and setting maxAccessKeyAge to 90 days. Create an Amazon EventBridge rule that triggers on NON_COMPLIANT findings from AWS Config and sends an Amazon SNS notification to the security team.
The correct answer is A. The access-keys-rotated managed rule already implements the check (it marks any IAM user that has an active access key older than maxAccessKeyAge days as NON_COMPLIANT), so no custom code has to be written or maintained. It is a periodic rule, so "run daily" simply means setting its maximum execution frequency to 24 hours. When a key crosses the threshold, AWS Config records the compliance change and emits a "Config Rules Compliance Change" event; an Amazon EventBridge rule that matches source aws.config with newEvaluationResult.complianceType equal to NON_COMPLIANT (and, ideally, the configRuleName, so other Config rules do not page the team) publishes to an Amazon SNS topic the security team subscribes to. Every piece is declarative configuration of built-in services, which is why this option requires the least effort.
Before calling it done, a practitioner would check that AWS Config is enabled in the account and region, and that the SNS topic's access policy allows events.amazonaws.com to publish to it. Note also that Config emits compliance-change events only when a resource's status changes, so a key that stays unrotated produces one notification, not one every day.
Options B, C and D all require writing, scheduling and maintaining scripts (Lambda code, CSV handling, Athena queries or paginated IAM API calls), which is more effort and more that can fail. Option B additionally depends on the Trusted Advisor IAM access key rotation check, which is only available with a paid (Business or Enterprise) support plan.
Author: LeetQuiz Editorial Team
A company requires a solution to automatically notify its security team whenever an AWS access key has not been rotated for 90 days or more. The solution should require the least amount of effort to implement. Which of the following solutions would achieve this requirement?
A
Deploy an AWS Config managed rule to run daily, selecting the access-keys-rotated rule and setting maxAccessKeyAge to 90 days. Create an Amazon EventBridge rule that triggers on NON_COMPLIANT findings from AWS Config and sends an Amazon SNS notification to the security team.
B
Create a script to export IAM access key rotation data from AWS Trusted Advisor into a CSV file, upload this via an AWS Lambda function to an Amazon S3 bucket. Use Amazon Athena to query the CSV for keys older than 90 days and send an Amazon SNS notification to the security team if any are found.
C
Develop a script to periodically download the IAM credentials report, run it via an AWS Lambda function scheduled with Amazon EventBridge. The script should filter for keys not rotated in the last 90 days and send an Amazon SNS notification to the security team if any are detected.
D
Create an AWS Lambda function that lists all users via the IAM API and checks each user's access keys using the ListAccessKeys operation. If any key's CreateDate is 90 days or older, the function should send an Amazon SNS notification to the security team. Schedule this function to run daily using Amazon EventBridge.
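The option A pipeline, written out as an added example (not part of the original quiz or of any AWS sample) so the three request bodies and the event filter can be verified offline. The SNS topic ARN, account ID and rule names are assumed placeholder values; the sample compliance-change events are constructed, trimmed to the fields the EventBridge pattern inspects. boto3 is deliberately not imported: the dicts are what you would pass to config.put_config_rule, events.put_rule and events.put_targets.

```python
"""Option A as request bodies plus a small EventBridge pattern matcher.

Added example, not code from the quiz. TOPIC_ARN, the account ID and the
rule names are assumed values; the sample events are constructed."""

import json

# Assumed names and ARN for illustration only.
TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:security-team-alerts"
CONFIG_RULE_NAME = "access-keys-rotated"
EVENTBRIDGE_RULE_NAME = "config-access-key-noncompliant"

# 1. AWS Config managed rule. ACCESS_KEYS_ROTATED is the managed-rule source
#    identifier. The rule is periodic, so "run daily" is the execution
#    frequency. InputParameters is a JSON string and the age is passed as a string.
CONFIG_RULE_REQUEST = {
    "ConfigRule": {
        "ConfigRuleName": CONFIG_RULE_NAME,
        "Source": {"Owner": "AWS", "SourceIdentifier": "ACCESS_KEYS_ROTATED"},
        "InputParameters": json.dumps({"maxAccessKeyAge": "90"}),
        "MaximumExecutionFrequency": "TwentyFour_Hours",
    }
}

# 2. EventBridge rule. Match only compliance changes for this rule that land
#    in NON_COMPLIANT; filtering on configRuleName keeps every other Config
#    rule in the account from paging the security team.
EVENT_PATTERN = {
    "source": ["aws.config"],
    "detail-type": ["Config Rules Compliance Change"],
    "detail": {
        "messageType": ["ComplianceChangeNotification"],
        "configRuleName": [CONFIG_RULE_NAME],
        "newEvaluationResult": {"complianceType": ["NON_COMPLIANT"]},
    },
}
PUT_RULE_REQUEST = {
    "Name": EVENTBRIDGE_RULE_NAME,
    "EventPattern": json.dumps(EVENT_PATTERN),
    "State": "ENABLED",
}

# 3. Target: the SNS topic. Its resource policy must allow
#    events.amazonaws.com to call sns:Publish or deliveries fail silently.
PUT_TARGETS_REQUEST = {
    "Rule": EVENTBRIDGE_RULE_NAME,
    "Targets": [{"Id": "security-team-sns", "Arn": TOPIC_ARN}],
}


def configured_max_age_days():
    """Read back the threshold exactly as Config will receive it."""
    params = json.loads(CONFIG_RULE_REQUEST["ConfigRule"]["InputParameters"])
    return int(params["maxAccessKeyAge"])


def matches_pattern(pattern, event):
    """Exact-match subset of EventBridge pattern semantics: every key in the
    pattern must exist in the event, a list leaf matches when the event value
    equals any listed value, nested dicts recurse. Prefix, numeric and
    anything-but matchers are not implemented here."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches_pattern(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


def make_config_event(compliance_type, resource_id="AIDAEXAMPLEUSERID"):
    """Constructed sample of the event Config emits on a compliance change."""
    return {
        "source": "aws.config",
        "detail-type": "Config Rules Compliance Change",
        "detail": {
            "messageType": "ComplianceChangeNotification",
            "configRuleName": CONFIG_RULE_NAME,
            "resourceType": "AWS::IAM::User",
            "resourceId": resource_id,
            "newEvaluationResult": {"complianceType": compliance_type},
        },
    }


def would_notify(event):
    """True when the EventBridge rule forwards this event to the SNS topic."""
    return matches_pattern(EVENT_PATTERN, event)


def compliance_change_events(previous, current):
    """Config emits ComplianceChangeNotification only when a resource's status
    flips. Given two daily evaluations ({resourceId: complianceType}), return
    the events the rule will see: a user who stays NON_COMPLIANT produces none."""
    return [make_config_event(ctype, rid) for rid, ctype in current.items()
            if previous.get(rid) != ctype]


if __name__ == "__main__":
    print(json.dumps(CONFIG_RULE_REQUEST, indent=2))
    print(json.dumps(EVENT_PATTERN, indent=2))
    print(would_notify(make_config_event("NON_COMPLIANT")))  # True
```

The compliance_change_events helper models the caveat that matters operationally: the day a key ages past 90 days, the user flips to NON_COMPLIANT and one notification is sent; on later days the status is unchanged and no new event is emitted, so the security team should track the ticket rather than wait for a reminder.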