ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security administrator must deliver a quarterly audit to executives that lists every IAM user whose password or access keys have not been used within the last 90 days. The company forbids introducing new paid services and wants the data in a downloadable CSV that can be filtered in Excel. Which native AWS feature provides the simplest way to satisfy these requirements?
Run IAM Access Analyzer and review findings for principals without recent activity.
Enable AWS CloudTrail and use Amazon Athena to query logs for users who have not invoked any API in 90 days.
Generate and download the IAM credential report, then filter the last-used dates for passwords and access keys.
Configure the AWS Config managed rule that detects unused credentials and export the compliance results.
The IAM credential report is a built-in, no-cost feature that generates a CSV file containing every IAM user, the last-used timestamp for each access key, and the last time the user signed in with a console password. Because the report can be downloaded directly from the IAM console or through the AWS CLI, administrators can quickly filter the data in Excel to locate credentials unused for 90 days.
CloudTrail logs could be queried with Athena, but this requires enabling additional services and writing SQL queries. AWS Config's iam-user-unused-credentials-check rule incurs Config charges and produces evaluations, not a ready-made CSV. IAM Access Analyzer focuses on external exposure of resources, not credential usage. Therefore, generating and reviewing the IAM credential report best meets the stated auditing, cost, and format requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What exactly is the IAM credential report in AWS?
Open an interactive chat with Bash
How can IAM credential reports be accessed and generated?
Open an interactive chat with Bash
Why is the IAM credential report preferred over tools like CloudTrail or AWS Config for this requirement?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .