{"id":55,"date":"2021-01-04T08:08:55","date_gmt":"2021-01-04T08:08:55","guid":{"rendered":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/aws-certified-security-specialty-scs-c01-question048\/"},"modified":"2021-01-04T08:08:55","modified_gmt":"2021-01-04T08:08:55","slug":"aws-certified-security-specialty-scs-c01-question048","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/aws\/Security-Specialty_SCS-C01\/aws-certified-security-specialty-scs-c01-question048\/","title":{"rendered":"AWS Certified Security – Specialty SCS-C01 – Question048"},"content":{"rendered":"
A Security Engineer has been asked to create an automated process to disable IAM user access keys that are more than three months old.
\nWhich of the following options should the Security Engineer use?

A.<\/strong> In the AWS Console, choose the IAM service and select \u201cUsers\u201d. Review the \u201cAccess Key Age\u201d column.
B.<\/strong> Define an IAM policy that denies access if the key age is more than three months and apply to all users.
C.<\/strong> Write a script that uses the GenerateCredentialReport, GetCredentialReport, and UpdateAccessKey APIs.
D.<\/strong> Create an Amazon CloudWatch alarm to detect aged access keys and use an AWS Lambda function to disable the keys older than 90 days.<\/div>\n

<\/p>\n