Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 157 discussion

A company uses an organization in AWS Organizations to manage hundreds of AWS accounts. Some of the accounts provide access to external AWS principals through cross-account IAM roles and Amazon S3 bucket policies.

The company needs to identify which external principals have access to which accounts.

Which solution will provide this information?

  • A. Enable AWS Identity and Access Management Access Analyzer for the organization. Configure the organization as a zone of trust. Filter findings by AWS account ID.
  • B. Create a custom AWS Config rule to monitor IAM roles in each account. Deploy an AWS Config aggregator to a central account. Filter findings by AWS account ID.
  • C. Activate Amazon Inspector. Integrate Amazon Inspector with AWS Security Hub. Filter findings by AWS account ID for the IAM role resource type and the S3 bucket policy resource type.
  • D. Configure the organization to use Amazon GuardDuty. Filter findings by AWS account ID for the Discovery:IAMUser/AnomalousBehavior finding type.
Suggested Answer: A
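
As an added illustration (not part of the original question, and not AWS's own tooling), the sketch below shows what option A yields: it takes findings in the shape returned by the Access Analyzer ListFindings API and groups external principals by the account that owns the shared resource. The sample findings, account IDs, resource names and the function name `external_access_by_account` are constructed for this example.

```python
import json
from collections import defaultdict

# Constructed findings in the shape of an Access Analyzer ListFindings response.
# All account IDs, role names and bucket names below are made up.
SAMPLE_FINDINGS = json.loads("""[
 {"id": "f1", "status": "ACTIVE", "resourceOwnerAccount": "111111111111",
  "resourceType": "AWS::IAM::Role", "isPublic": false,
  "resource": "arn:aws:iam::111111111111:role/vendor-audit",
  "principal": {"AWS": "arn:aws:iam::999999999999:root"}},
 {"id": "f2", "status": "ACTIVE", "resourceOwnerAccount": "222222222222",
  "resourceType": "AWS::S3::Bucket", "isPublic": false,
  "resource": "arn:aws:s3:::example-shared-reports",
  "principal": {"AWS": "arn:aws:iam::888888888888:role/etl"}},
 {"id": "f3", "status": "ACTIVE", "resourceOwnerAccount": "222222222222",
  "resourceType": "AWS::S3::Bucket", "isPublic": true,
  "resource": "arn:aws:s3:::example-public-assets",
  "principal": {"AWS": "*"}},
 {"id": "f4", "status": "RESOLVED", "resourceOwnerAccount": "111111111111",
  "resourceType": "AWS::IAM::Role", "isPublic": false,
  "resource": "arn:aws:iam::111111111111:role/old-partner",
  "principal": {"AWS": "arn:aws:iam::777777777777:root"}}
]""")


def external_access_by_account(findings, account_id=None):
    """Return {owner account: sorted [(principal, resource type, resource)]}.

    Only ACTIVE findings count: RESOLVED means the access is gone and
    ARCHIVED means someone marked it as intended. Pass account_id to get the
    per-account view that the answer's "filter by account ID" step produces.
    """
    report = defaultdict(set)
    for f in findings:
        owner = f["resourceOwnerAccount"]
        if f.get("status") != "ACTIVE" or account_id not in (None, owner):
            continue
        for kind, value in f.get("principal", {}).items():
            # Public findings carry a wildcard principal; label them explicitly.
            who = "PUBLIC" if f.get("isPublic") else f"{kind}:{value}"
            report[owner].add((who, f["resourceType"], f["resource"]))
    return {acct: sorted(rows) for acct, rows in sorted(report.items())}


if __name__ == "__main__":
    for acct, rows in external_access_by_account(SAMPLE_FINDINGS).items():
        for who, rtype, resource in rows:
            print(f"{acct}  {rtype:<16} {resource}  <-  {who}")
```

With the organization as the zone of trust, access between member accounts produces no findings, so every row in this report is a principal outside the organization.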

Comments

cumzle_com
5 months, 1 week ago
Selected Answer: A
Option A using AWS IAM Access Analyzer is the most suitable solution for identifying external principals (AWS accounts) with access to accounts managed within an AWS Organizations setup. It provides centralized and specific insights into cross-account access permissions, which aligns well with the company's requirement to track external access across multiple AWS accounts.
upvoted 2 times
...
jade290
6 months ago
Selected Answer: A
AWS IAM Access Analyzer is a least privilege service that allows central review and removal of unused and external access across your AWS accounts with continuous monitoring. Reference: https://aws.amazon.com/iam/access-analyzer/
upvoted 3 times
...
fibonacciname
6 months, 2 weeks ago
Selected Answer: A
A is correct
upvoted 2 times
...
mehmetsungur
6 months, 3 weeks ago
Option A is the most appropriate solution for identifying external principals' access to AWS accounts within an organization.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other