AWS Certified Cloud Practitioner

Explanation

AWS Identity and Access Management (IAM) is the correct answer because:

• IAM is AWS's core service for managing access to AWS services and resources
• It allows you to create and manage AWS users and groups
• You can set permissions to control which AWS services and resources users can access
• IAM provides centralized control of your AWS account
• It integrates with existing identity systems through federation

Why other options are incorrect:

• AWS Directory Service: Used for integrating with Microsoft Active Directory, not the primary tool for managing AWS users/groups
• AWS Organizations: Used for managing multiple AWS accounts, not individual user/group management
• AWS Single Sign-On: Provides single sign-on access, but IAM is still needed for user/group management
• AWS Cognito: Used for adding user sign-up/sign-in to mobile and web apps, not for managing AWS administrative access
• AWS CloudTrail: Used for logging and monitoring API activity, not for user/group management

For an operational team managing both on-premise and AWS identities, IAM would be the primary tool they need to learn and use for managing AWS users and groups.