Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 13 discussion

Correct Answer is AC

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:StopInstances", "ec2:TerminateInstances" ], "Resource": "*", "Condition": { "Bool": {"aws:MultiFactorAuthPresent": "true"}, "NumericLessThan": {"aws:MultiFactorAuthAge": 7200} } } ] }

AC, not AE. As mentioned in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_configure-api-require.html

its A & E MFAAge checks how much time has passed since the user's last MFA usage SessionAge makes sure the MFA session is NOT more than the selected timelimit.

The correct answer is AC, the MFA age must be less than or equal to 7200

Correct Answer is AC

C. "NumericLessThan": {"aws:MultiFactorAuthAge": "7200"} This condition ensures that the action is allowed only if the MFA session age is less than 7200 seconds (2 hours), meaning it enforces the requirement that each MFA session remains valid for only 2 hours. This is a correct choice as it directly addresses the session validity requirement. D. "NumericGreaterThan": {"aws:MultiFactorAuthAge": "7200"} This condition would allow the action only if the MFA session age is greater than 7200 seconds, which is contrary to the requirement. Therefore, this option is incorrect.

AC ofc

A and C

AC Action is ALLOW..as long as the auth. age is LESS 7200 seconds.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_configure-api-require.html

A and C https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_configure-api-require.html#MFAProtectedAPI-overview

A and C

A and C

A and C