Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 38 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 38
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company's security engineer has been tasked with restricting a contractor's IAM account access to the company’s Amazon EC2 console without providing access to any other AWS services. The contractor's IAM account must not be able to gain access to any other AWS service, even if the IAM account is assigned additional permissions based on IAM group membership.
What should the security engineer do to meet these requirements?

  • A. Create an inline IAM user policy that allows for Amazon EC2 access for the contractor's IAM user.
  • B. Create an IAM permissions boundary policy that allows Amazon EC2 access. Associate the contractor's IAM account with the IAM permissions boundary policy.
  • C. Create an IAM group with an attached policy that allows for Amazon EC2 access. Associate the contractor's IAM account with the IAM group.
  • D. Create a IAM role that allows for EC2 and explicitly denies all other services. Instruct the contractor to always assume this role.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by kk2000 at Oct. 7, 2023, 3:01 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
WeepingMaplte
Highly Voted 9 months, 4 weeks ago
Selected Answer: B
IAM permissions boundary policy is a managed policy that defines the maximum permissions that an identity-based policy can grant to an IAM entity (user or role). It essentially acts as a safety net to prevent users and roles from exceeding their intended permissions.
upvoted 8 times
...
navid1365
Most Recent 4 months, 3 weeks ago
Selected Answer: B
A permissions boundary defines the maximum level of access that an IAM identity can have.
upvoted 1 times
...
Raphaello
8 months ago
Selected Answer: B
IAM permissions boundary definition use.
upvoted 1 times
...
trashbox
9 months, 3 weeks ago
Exam on 2023-12-18
upvoted 2 times
Raphaello
8 months ago
What do you mean?
upvoted 2 times
...
...
Daniel76
10 months, 1 week ago
Selected Answer: B
Only B talks about restricting the access, by using permission boundary. D - if you assign more than one role to the vendor, there's always risk that the instruction is not followed. A, C- regardless of feasibility, by creating allow doesn't block the vendor from accessing services other than EC2 instance.
upvoted 2 times
...
Aamee
10 months, 1 week ago
Selected Answer: B
B makes more sense to me as it would explicitly define the specific service based IAM permissions policy which then can be associated with the contractor's IAM account which then help in restricting down his access to only at that service level in question.
upvoted 1 times
...
awssecuritynewbie
10 months, 1 week ago
Selected Answer: C
he Answer should be C, creating a inline does not deny him access to everything else and it also makes it harder to manager and scale.
upvoted 1 times
...
awssecuritynewbie
10 months, 1 week ago
the Answer should be C, creating a inline does not deny him access to everything else and it also makes it harder to manager and scale.
upvoted 1 times
...
YR4591
10 months, 3 weeks ago
Selected Answer: B
B is right
upvoted 2 times
...
kejam
11 months ago
Answer B https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_bound
upvoted 3 times
...
100fold
11 months, 3 weeks ago
Selected Answer: B
Answer B
upvoted 2 times
...
kk2000
12 months ago
B is the correct answer
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel