Topic 1 Question 231
2 つ選択A company uses AWS Organizations to manage its AWS accounts. A DevOps engineer must ensure that all users who access the AWS Management Console are authenticated through the company’s corporate identity provider (IdP).
Which combination of steps will meet these requirements?
Use Amazon GuardDuty with a delegated administrator account Use GuardDuty to enforce denial of IAM user logins.
Use AWS IAM Identity Center to configure identity federation with SAML 2.0.
Create a permissions boundary in AWS IAM Identity Center to deny password logins for IAM users.
Create IAM groups in the Organizations management account to apply consistent permissions for all IAM users.
Create an SCP in Organizations to deny password creation for IAM users.
ユーザの投票
コメント(5)
- 正解だと思う選択肢: BE
BE is answer { "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": [ "iam:CreateLoginProfile", "iam:UpdateLoginProfile" ], "Resource": "*" } ] }
👍 4KaranNishad2024/06/27 - 正解だと思う選択肢: BE
of course B. E enforce that users cannot log in directly with IAM credentials. Instead, they must use the SSO setup provided by AWS IAM Identity Center, ensuring compliance with the requirement to authenticate through the corporate IdP.
👍 3trungtd2024/07/13 ---> BE
👍 2tgv2024/07/15
シャッフルモード