AWS Certified Cloud Practitioner — Question 337

Which AWS service should a company use to check for IAM access keys that have not been rotated recently?

Answer options

• A. AWS WAF
• B. AWS Trusted Advisor
• C. Amazon Inspector
• D. AWS Certificate Manager (ACM)

Correct answer: B

Explanation

AWS Trusted Advisor includes a specific security check that monitors IAM access keys and flags those that have not been rotated within the last 90 days. AWS WAF is a web application firewall, Amazon Inspector is designed for vulnerability scanning of EC2 instances and container images, and AWS Certificate Manager manages SSL/TLS certificates, making none of them suitable for auditing IAM key rotation.