AWS Certified Cloud Practitioner (CLF-C02) — Question 393

Which AWS service or resource can identify and provide reports on IAM resources in one AWS account that is shared with another AWS account?

Answer options

• A. IAM credential report
• B. AWS IAM Identity Center (AWS Single Sign-On)
• C. AWS Identity and Access Management Access Analyzer
• D. Amazon Cognito user pool

Correct answer: C

Explanation

AWS Identity and Access Management Access Analyzer is designed to identify resources in your account that are shared with external entities, including other AWS accounts. Conversely, the IAM credential report only lists IAM users and their credential status, while AWS IAM Identity Center and Amazon Cognito focus on user authentication and single sign-on rather than auditing resource sharing.