ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 38 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 38
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company's security engineer has been tasked with restricting a contractor's IAM account access to the company’s Amazon EC2 console without providing access to any other AWS services. The contractor's IAM account must not be able to gain access to any other AWS service, even if the IAM account is assigned additional permissions based on IAM group membership.
What should the security engineer do to meet these requirements?

  • A. Create an inline IAM user policy that allows for Amazon EC2 access for the contractor's IAM user.
  • B. Create an IAM permissions boundary policy that allows Amazon EC2 access. Associate the contractor's IAM account with the IAM permissions boundary policy.
  • C. Create an IAM group with an attached policy that allows for Amazon EC2 access. Associate the contractor's IAM account with the IAM group.
  • D. Create a IAM role that allows for EC2 and explicitly denies all other services. Instruct the contractor to always assume this role.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by kk2000 at Oct. 7, 2023, 3:01 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
WeepingMaplte
Highly Voted 10 months ago
Selected Answer: B
IAM permissions boundary policy is a managed policy that defines the maximum permissions that an identity-based policy can grant to an IAM entity (user or role). It essentially acts as a safety net to prevent users and roles from exceeding their intended permissions.
upvoted 9 times
...
c6ed25a
Most Recent 2 weeks, 4 days ago
Selected Answer: B
B Boundary defines limitation
upvoted 1 times
...
navid1365
4 months, 3 weeks ago
Selected Answer: B
A permissions boundary defines the maximum level of access that an IAM identity can have.
upvoted 1 times
...
Raphaello
8 months ago
Selected Answer: B
IAM permissions boundary definition use.
upvoted 1 times
...
trashbox
9 months, 3 weeks ago
Exam on 2023-12-18
upvoted 2 times
Raphaello
8 months ago
What do you mean?
upvoted 3 times
...
...
Daniel76
10 months, 1 week ago
Selected Answer: B
Only B talks about restricting the access, by using permission boundary. D - if you assign more than one role to the vendor, there's always risk that the instruction is not followed. A, C- regardless of feasibility, by creating allow doesn't block the vendor from accessing services other than EC2 instance.
upvoted 2 times
...
Aamee
10 months, 2 weeks ago
Selected Answer: B
B makes more sense to me as it would explicitly define the specific service based IAM permissions policy which then can be associated with the contractor's IAM account which then help in restricting down his access to only at that service level in question.
upvoted 1 times
...
awssecuritynewbie
10 months, 2 weeks ago
Selected Answer: C
he Answer should be C, creating a inline does not deny him access to everything else and it also makes it harder to manager and scale.
upvoted 1 times
...
awssecuritynewbie
10 months, 2 weeks ago
the Answer should be C, creating a inline does not deny him access to everything else and it also makes it harder to manager and scale.
upvoted 1 times
...
YR4591
10 months, 4 weeks ago
Selected Answer: B
B is right
upvoted 2 times
...
kejam
11 months ago
Answer B https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_bound
upvoted 3 times
...
100fold
11 months, 3 weeks ago
Selected Answer: B
Answer B
upvoted 2 times
...
kk2000
1 year ago
B is the correct answer
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago