Consider a scenario where an AWS environment has been configured with IAM policies that grant extensive permissions to a set of users. Upon review, it is discovered that these permissions exceed the necessary level for the users to perform their duties. What steps would you take to apply the principle of least privilege and reduce the risk of unauthorized access or actions?

Simulated

Immediately revoke all permissions and re-evaluate the need for each permission individually.

0.0%

Create a new set of policies with reduced permissions and gradually migrate users to these new policies, monitoring for any issues.

100.0%

Instruct users to self-regulate their permissions and report any unnecessary access.

0.0%

Increase monitoring of user activities to detect any misuse of permissions before taking action.

0.0%

AWS Certified Security - Specialty