An operations team has a standard that states IAM policies should not be applied directly to users. Some new team members have not been following this standard. The operations manager needs a way to easily identify the users with attached policies.
What should a solutions architect do to accomplish this?

A. Monitor using AWS CloudTrail. B. Create an AWS Config rule to run daily. C. Publish IAM user changes to Amazon SNS. D. Run AWS Lambda when a user is modified.