As an AWS account administrator, you wish to perform an audit and create a report of all services that have not been used in the IAM role “DevOps_Admin” in the past 6 months. 
Which AWS service would you use to accomplish this task?

Answer options:

A.AWS IAM Access Advisor
B.AWS GuardDuty
C.AWS CloudTrail
D.AWS Resource Access Manager
E.AWS Config

Answer: A
Option A is CORRECT because AWS IAM Access Advisor provides permission guardrails to help control which services your developers and applications can access. By analyzing the last accessed information, you can determine the services not used by IAM users and roles.
Option B is incorrect because GuardDuty is a threat detection service.
Option C is incorrect because using CloudTrail does not provide the most efficient way to accomplish the task.
Option D is incorrect because AWS Resource Access Manager is a service for securing shared access to AWS resources across multiple AWS accounts.
Option E is incorrect because AWS Config is a service for controlling the configurations of AWS resources.
AWS IAM access advisor uses data analysis to help you set permission guardrails confidently by providing service last accessed information for your accounts, organizational units (OUs), and your organization managed by AWS Organizations.
You can implement permissions guardrails using service control policies (SCPs) that restrict access to those services.
Reference:
https://aws.amazon.com/about-aws/whats-new/2019/06/now-use-iam-access-advisor-with-aws-organizations-to-set-permission-guardrails-confidently/