Prisma Certified Cloud Security Engineer (PCCSE) — Question 126

Which IAM RQL query would correctly generate an output to view users who enabled console access with both access keys and passwords?

Answer options

• A. config from network where api.name = ‘aws-iam-get-credential-report’ AND json.rule = cert_1_active is true or cert_2_active is true and password_enabled equals "true"
• B. config from cloud.resource where api.name = 'aws-iam-get-credential-report' AND json.rule = access_key_1_active is true or access_key_2_active is true and password_enabled equals "true"
• C. config from cloud.resource where api.name = 'aws-iam-get-credential-report’ AND json.rule = access_key_1_active is false or access_key_2_active is true and password_enabled equals "*"
• D. config where api.name = ‘aws-iam-get-credential-report' AND json.rule= access_key_1_active is true or access_key_2_active is true and password_enabled equals “true”

Correct answer: B

Explanation

Option B is correct because it checks for both access keys being active and verifies that password access is enabled, which is the requirement. Options A and D have incorrect resource types, and option C checks for one access key being inactive, which does not meet the criteria for users with both types of access.