AWS Certified Security – Specialty (SCS-C02) — Question 291
A company is investigating actions that an IAM role performed. The company must find out when the role last accessed AWS Security Hub and when the role last used the DeleteInsight action in Security Hub.
Which solution will provide this information?
Answer options
- A. Use the checks for the security category in AWS Trusted Advisor. Search for the role and examine the actions taken.
- B. Use the Access Advisor tab in AWS Identity and Access Management (IAM). Search for Security Hub and the actions taken.
- C. Use AWS Identity and Access Management (IAM) to generate a credential report. Search the report for Security Hub activity.
- D. Create an analyzer in AWS Identity and Access Management Access Analyzer. Examine the findings for the role’s actions in Security Hub.
Correct answer: B
Explanation
The Access Advisor tab in the AWS IAM console shows the services that an IAM identity can access and when each service was last accessed, including action-level information for supported services such as AWS Security Hub. AWS Trusted Advisor and IAM credential reports do not provide granular, action-level service access history for specific roles. IAM Access Analyzer is designed to identify resources shared with external entities rather than to track historical API actions performed by an internal role.