ExamGecko
Question list
Search
Search

List of questions

Search

Related questions











Question 424 - SCS-C01 discussion

Report
Export

Your development team is using access keys to develop an application that has access to S3 and DynamoDB. A new security policy has outlined that the credentials should not be older than 2 months, and should be rotated. How can you achieve this?

Please select:

A.
Use the application to rotate the keys in every 2 months via the SDK
Answers
A.
Use the application to rotate the keys in every 2 months via the SDK
B.
Use a script to query the creation date of the keys. If older than 2 months, create new access key and update all applications to use it inactivate the old key and delete it.
Answers
B.
Use a script to query the creation date of the keys. If older than 2 months, create new access key and update all applications to use it inactivate the old key and delete it.
C.
Delete the user associated with the keys after every 2 months. Then recreate the user again.
Answers
C.
Delete the user associated with the keys after every 2 months. Then recreate the user again.
D.
Delete the IAM Role associated with the keys after every 2 months. Then recreate the IAM Role again.
Answers
D.
Delete the IAM Role associated with the keys after every 2 months. Then recreate the IAM Role again.
Suggested answer: B

Explanation:

One can use the CLI command list-access-keys to get the access keys. This command also returns the "CreateDate" of the keys. If the CreateDate is older than 2 months, then the keys can be deleted. The Returns list-access-keys CLI command returns information about the access key IDs associated with the specified IAM user. If there are none, the action returns an empty list Option A is incorrect because you might as use a script for such maintenance activities Option C is incorrect because you would not rotate the users themselves Option D is incorrect because you don't use IAM roles for such a purpose For more information on the CLI command, please refer to the below Link: http://docs.aws.amazon.com/cli/latest/reference/iam/list-access-keys.htmll The correct answer is: Use a script to query the creation date of the keys. If older than 2 months, create new access key and update all applications to use it inactivate the old key and delete it.

Submit your Feedback/Queries to our Experts

asked 16/09/2024
Frank Nwabueze
34 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first