AWS Certified SysOps Administrator – Associate — Question 477

The security team is concerned because the number of AWS Identity and Access Management (IAM) policies being used in the environment is increasing. The team tasked a SysOps administrator to report on the current number of IAM policies in use and the total available IAM policies.
Which AWS service should the administrator use to check how current IAM policy usage compares to current service limits?

Answer options

• A. AWS Trusted Advisor
• B. Amazon Inspector
• C. AWS Config
• D. AWS Organizations

Correct answer: A

Explanation

AWS Trusted Advisor includes a Service Limits check that monitors resource usage, including the number of active IAM policies, and alerts you when you approach service limits. Amazon Inspector is designed for security vulnerability scanning of EC2 instances, while AWS Config tracks resource configuration history. AWS Organizations is utilized for consolidated billing and multi-account management, making AWS Trusted Advisor the correct tool for checking service limits.