Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 248 discussion

A consultant agency needs to perform a security audit for a company’s production AWS account. Several consultants need access to the account. The consultant agency already has its own AWS account.

The company requires multi-factor authentication (MFA) for all access to its production account. The company also forbids the use of long-term credentials.

Which solution will provide the consultant agency with access that meets these requirements?

  • A. Create an IAM group. Create an IAM user for each consultant. Add each user to the group. Turn on MFA for each consultant.
  • B. Configure Amazon Cognito on the company’s production account to authenticate against the consultant agency’s identity provider (IdP). Add MFA to a Cognito user pool.
  • C. Create an IAM role in the consultant agency’s AWS account. Define a trust policy that requires MFA. In the trust policy, specify the company’s production account as the principal. Attach the trust policy to the role.
  • D. Create an IAM role in the company’s production account. Define a trust policy that requires MFA. In the trust policy, specify the consultant agency’s AWS account as the principal. Attach the trust policy to the role.
Suggested Answer: D

Comments

phmeeeee
2 weeks ago
Selected Answer: D
D - Create the role for the production account, which requires MFA from the consultant account.
upvoted 1 times
IPLogic
4 months, 2 weeks ago
Selected Answer: D
  • Security: By creating an IAM role in the company's production account, the consultants will only have temporary access to the specific resources granted by the role. This limits the potential damage if credentials are compromised.
  • MFA Enforcement: The trust policy can be configured to require MFA for all access to the role, ensuring that consultants are authenticated with a strong second factor.
  • No Long-Term Credentials: The consultants will not need long-term access keys, as they will use temporary credentials generated by their AWS account.
  • Granular Access Control: The IAM role can be configured with specific permissions to limit access to only the necessary resources, reducing the risk of unauthorized actions.

This approach provides a secure, flexible, and compliant solution for granting temporary access to the consultant agency while enforcing strong security measures.
upvoted 1 times
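
The trust policy that option D describes, with a small audit check, as an added example that is not part of the original question or comments. The account ID `111122223333` is a placeholder for the consultant agency's account, and the function names are hypothetical. The check rejects `BoolIfExists`, which evaluates to true when the MFA key is absent from the request.

```python
import json

# Constructed sample: trust policy for a role in the company's production account.
# 111122223333 is a placeholder for the consultant agency's account ID.
TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
  }]
}
""")

MFA_KEY = "aws:multifactorauthpresent"  # condition key names are case-insensitive


def as_list(value):
    return value if isinstance(value, list) else [value]


def requires_mfa(condition):
    """True only for Bool (not BoolIfExists): IfExists passes when the key is
    absent, which is the case for requests signed with long-term access keys."""
    for key, value in condition.get("Bool", {}).items():
        if key.lower() == MFA_KEY and [str(v).lower() for v in as_list(value)] == ["true"]:
            return True
    return False


def audit_trust_policy(policy, expected_account):
    """Return a list of findings; an empty list means the policy matches option D."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for arn in arns:
            account = arn.split(":")[4] if arn.startswith("arn:") else arn
            if account != expected_account:
                findings.append(f"Statement {i}: unexpected principal {arn}")
        if not requires_mfa(stmt.get("Condition", {})):
            findings.append(f"Statement {i}: AssumeRole allowed without a strict MFA condition")
    return findings
```

A consultant satisfies the condition by calling `sts:AssumeRole` with the `SerialNumber` and `TokenCode` of their MFA device, and receives temporary credentials for the role.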