AWS Certified Cloud Practitioner (CLF-C02) — Question 455

A company needs to check for IAM access keys that have not been rotated recently.

Which AWS service should the company use to meet this requirement?

Answer options

• A. AWS WAF
• B. AWS Shield
• C. Amazon Cognito
• D. AWS Trusted Advisor

Correct answer: D

Explanation

AWS Trusted Advisor includes a security check specifically designed to identify active IAM access keys that have not been rotated recently. AWS WAF and AWS Shield are web application security and DDoS protection services, respectively, while Amazon Cognito handles application-level customer identity management. Thus, AWS Trusted Advisor is the appropriate service for auditing credential rotation compliance.