Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 81 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 81
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company uses AWS Organizations. The company wants to implement short-term credentials for third-party AWS accounts to use to access accounts within the company's organization. Access is for the AWS Management Console and third-party software-as-a-service (SaaS) applications. Trust must be enhanced to prevent two external accounts from using the same credentials. The solution must require the least possible operational effort.

Which solution will meet these requirements?

  • A. Use a bearer token authentication with OAuth or SAML to manage and share a central Amazon Cognito user pool across multiple Amazon API Gateway APIs.
  • B. Implement AWS IAM Identity Center (AWS Single Sign-On), and use an identity source of choice. Grant access to users and groups from other accounts by using permission sets that are assigned by account.
  • C. Create a unique IAM role for each external account. Create a trust policy Use AWS Secrets Manager to create a random external key.
  • D. Create a unique IAM role for each external account. Create a trust policy that includes a condition that uses the sts:ExternalId condition key.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by oioi at Nov. 23, 2023, 8:45 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
jakie22332
1 week, 2 days ago
Selected Answer: B
B supports all the requirements with the LEAST operational overhead
upvoted 1 times
...
SHERLOCKAWS
9 months, 2 weeks ago
Selected Answer: D
Explained here > https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
upvoted 2 times
...
vikasj1in
10 months ago
Creating a unique IAM role for each external account allows you to grant specific permissions to each external account independently. Including a condition in the trust policy that uses the sts:ExternalId condition key allows you to enhance the trust between the accounts and prevent one external account from using the credentials intended for another external account. The sts:ExternalId condition ensures that the request is accompanied by the expected external ID, adding an extra layer of security. Options A, B, and C do not specifically address the requirement to prevent two external accounts from using the same credentials and may introduce unnecessary complexity or dependencies.
upvoted 1 times
...
WeepingMaplte
11 months ago
Selected Answer: D
What is an external ID: An external ID is a unique identifier that is managed by a third-party identity provider (IdP). It's used to verify the identity of a user without requiring them to have an AWS IAM account. Creating a role with an external ID: You can create a role in your AWS account and specify an external ID source (e.g., SAML provider, OIDC provider). You can define trust relationships between the role and the external IdP. This ensures that only authorized users with the correct external ID can assume the role. You can attach IAM policies to the role to grant specific permissions to access AWS resources.
upvoted 2 times
...
kejam
11 months, 2 weeks ago
Selected Answer: D
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
upvoted 3 times
...
Aamee
11 months, 3 weeks ago
Selected Answer: D
C looks a bit reasonable but with a condition on the role makes it more secured so going with 'D'.
upvoted 1 times
...
[Removed]
11 months, 3 weeks ago
Selected Answer: D
D will do it. The rest are distractors / incorrect
upvoted 2 times
...
oioi
11 months, 3 weeks ago
Selected Answer: D
correct
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel