AWS Certified Security – Specialty — Question 476
A company maintains an open-source application that is hosted on a public GitHub repository. While creating a new commit to the repository, an engineer uploaded their AWS access key ID and secret access key. The engineer reported the mistake to a manager, and the manager immediately disabled the access key.
The company needs to assess the impact of the exposed access key. A security engineer must recommend a solution that requires the least possible managerial overhead.
Which solution meets these requirements?
Answer options
- A. Analyze an AWS Identity and Access Management (IAM) use report from AWS Trusted Advisor to see when the access key was last used.
- B. Analyze Amazon CloudWatch Logs for activity by searching for the access key.
- C. Analyze VPC flow logs for activity by searching for the access key.
- D. Analyze a credential report in AWS Identity and Access Management (IAM) to see when the access key was last used.
Correct answer: D
Explanation
The IAM credential report is a built-in AWS feature that lists every user in the account together with the status of each credential and, for each access key, the date it was last used, along with the AWS service and Region of that most recent use. Generating and downloading the report is a single action, so it offers the lowest operational overhead for checking whether the exposed key was used after it leaked. Searching Amazon CloudWatch Logs or VPC flow logs is inefficient and complex by comparison, and VPC flow logs are unsuitable in any case: they capture network-level IP traffic, not API-level IAM key usage. AWS Trusted Advisor does not provide an IAM use report that exposes individual access key last-used timestamps as directly as the IAM credential report does.