Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 38 discussion

A company's security engineer has been tasked with restricting a contractor's IAM account access to the company’s Amazon EC2 console without providing access to any other AWS services. The contractor's IAM account must not be able to gain access to any other AWS service, even if the IAM account is assigned additional permissions based on IAM group membership.
What should the security engineer do to meet these requirements?

  • A. Create an inline IAM user policy that allows for Amazon EC2 access for the contractor's IAM user.
  • B. Create an IAM permissions boundary policy that allows Amazon EC2 access. Associate the contractor's IAM account with the IAM permissions boundary policy.
  • C. Create an IAM group with an attached policy that allows for Amazon EC2 access. Associate the contractor's IAM account with the IAM group.
  • D. Create an IAM role that allows for EC2 and explicitly denies all other services. Instruct the contractor to always assume this role.
Suggested Answer: B

Comments

WeepingMaplte
Highly Voted 12 months ago
Selected Answer: B
IAM permissions boundary policy is a managed policy that defines the maximum permissions that an identity-based policy can grant to an IAM entity (user or role). It essentially acts as a safety net to prevent users and roles from exceeding their intended permissions.
upvoted 8 times
...
navid1365
Most Recent 6 months, 3 weeks ago
Selected Answer: B
A permissions boundary defines the maximum level of access that an IAM identity can have.
upvoted 1 times
...
Raphaello
10 months ago
Selected Answer: B
IAM permissions boundary definition use.
upvoted 1 times
...
trashbox
11 months, 3 weeks ago
Exam on 2023-12-18
upvoted 2 times
Raphaello
10 months ago
What do you mean?
upvoted 2 times
...
...
Daniel76
1 year ago
Selected Answer: B
Only B talks about restricting the access, by using permission boundary. D - if you assign more than one role to the vendor, there's always risk that the instruction is not followed. A, C- regardless of feasibility, by creating allow doesn't block the vendor from accessing services other than EC2 instance.
upvoted 2 times
...
Aamee
1 year ago
Selected Answer: B
B makes more sense to me as it would explicitly define the specific service-based IAM permissions policy, which can then be associated with the contractor's IAM account, which then helps in restricting his access to only that service level in question.
upvoted 1 times
...
Selected Answer: C
The answer should be C, creating an inline does not deny him access to everything else and it also makes it harder to manage and scale.
upvoted 1 times
...
YR4591
1 year ago
Selected Answer: B
B is right
upvoted 2 times
...
kejam
1 year ago
Answer B https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_bound
upvoted 3 times
...
100fold
1 year, 1 month ago
Selected Answer: B
Answer B
upvoted 2 times
...
kk2000
1 year, 2 months ago
B is the correct answer
upvoted 2 times
...
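The permissions boundary behaviour behind the suggested answer, as an added example that is not part of the original page or any commenter's post: a simplified Python model of how identity-based policies and a permissions boundary combine. The policy documents and function names are constructed for illustration, and the model ignores Resource, Condition, SCPs, session policies and resource-based policies.

```python
from fnmatch import fnmatchcase

# Constructed sample policies (assumptions, not from the original page).
BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}
INLINE_EC2 = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:StartInstances"],
     "Resource": "*"}]}
# Permissions the contractor later inherits through group membership.
GROUP_S3 = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}


def _matches(policy, effect, action):
    """True if a statement with this Effect has an Action pattern matching `action`."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != effect:
            continue
        patterns = stmt["Action"]
        if isinstance(patterns, str):
            patterns = [patterns]
        # IAM action names are case-insensitive; '*' and '?' act as wildcards.
        if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
            return True
    return False


def is_allowed(action, identity_policies, boundary=None):
    """Simplified decision: explicit deny, then identity allow, then boundary allow."""
    policies = list(identity_policies) + ([boundary] if boundary else [])
    if any(_matches(p, "Deny", action) for p in policies):
        return False  # an explicit deny anywhere always wins
    if not any(_matches(p, "Allow", action) for p in identity_policies):
        return False  # implicit deny: the boundary itself grants nothing
    if boundary is not None and not _matches(boundary, "Allow", action):
        return False  # allowed by a policy, but outside the boundary
    return True


if __name__ == "__main__":
    attached = [INLINE_EC2, GROUP_S3]
    for act in ("ec2:DescribeInstances", "ec2:RunInstances", "s3:GetObject"):
        print(act, "| no boundary:", is_allowed(act, attached),
              "| with boundary:", is_allowed(act, attached, BOUNDARY))
```

Without the boundary (options A and C), the group's S3 grant takes effect; with it, only actions allowed by both an identity-based policy and the boundary succeed.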