Question #784
A company wants to identify IAM policies that grant excessive permissions beyond what is necessary for users and roles. Which AWS service will meet this requirement?
A. AWS Trusted Advisor
B. Amazon CloudWatch
C. Amazon GuardDuty
D. AWS Health Dashboard
Explanation
AWS Trusted Advisor (Option A) is the correct answer because it offers a security check that specifically identifies IAM policies granting more permissions than necessary. This aligns with the principle of least privilege. Trusted Advisor's 'Security Groups - Specific Ports Unrestricted' and 'IAM Use' checks help detect overly permissive policies.
Other options are incorrect:
- Amazon CloudWatch (B): Monitors AWS resources and applications but does not analyze IAM policies.
- Amazon GuardDuty (C): Focuses on threat detection (e.g., malicious activity) rather than auditing policy permissions.
- AWS Health Dashboard (D): Provides service health status, not security policy analysis.
Key Point: Trusted Advisor's security checks help enforce least-privilege access by flagging excessive permissions in IAM policies.
Answer
The correct answer is: A