AWS Certified Cloud Practitioner (CLF-C02) — Question 314

A company is migrating its applications from on-premises to the AWS Cloud. The company wants to ensure that the applications are assigned only the minimum permissions that are needed to perform all operations.

Which AWS service will meet these requirements?

Answer options

• A. AWS Identity and Access Management (IAM)
• B. Amazon CloudWatch
• C. Amazon Macie
• D. Amazon GuardDuty

Correct answer: A

Explanation

AWS Identity and Access Management (IAM) allows you to securely control access to AWS resources by defining specific permissions and roles, which perfectly supports the principle of least privilege. Amazon CloudWatch is a monitoring and observability service, Amazon Macie is used for discovering and protecting sensitive data in S3, and Amazon GuardDuty is a continuous security monitoring and threat detection service.