Topic 1 Question 248
A consultant agency needs to perform a security audit for a company’s production AWS account. Several consultants need access to the account. The consultant agency already has its own AWS account.
The company requires multi-factor authentication (MFA) for all access to its production account. The company also forbids the use of long-term credentials.
Which solution will provide the consultant agency with access that meets these requirements?
A. Create an IAM group. Create an IAM user for each consultant. Add each user to the group. Turn on MFA for each consultant.
B. Configure Amazon Cognito on the company’s production account to authenticate against the consultant agency’s identity provider (IdP). Add MFA to a Cognito user pool.
C. Create an IAM role in the consultant agency’s AWS account. Define a trust policy that requires MFA. In the trust policy, specify the company’s production account as the principal. Attach the trust policy to the role.
D. Create an IAM role in the company’s production account. Define a trust policy that requires MFA. In the trust policy, specify the consultant agency’s AWS account as the principal. Attach the trust policy to the role.
Comments (1)
- Option believed correct: D
Security: By creating an IAM role in the company's production account, the consultants will only have temporary access to the specific resources granted by the role. This limits the potential damage if credentials are compromised.
MFA Enforcement: The trust policy can be configured to require MFA for all access to the role, ensuring that consultants are authenticated with a strong second factor.
No Long-Term Credentials: The consultants will not need long-term access keys, as they will use temporary credentials generated by their AWS account.
Granular Access Control: The IAM role can be configured with specific permissions to limit access to only the necessary resources, reducing the risk of unauthorized actions.
This approach provides a secure, flexible, and compliant solution for granting temporary access to the consultant agency while enforcing strong security measures.
👍 1 IPLogic 2024/12/05
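The trust policy that option D describes, as an added example that is not part of the original question or the comment: it builds the policy for a role in the production account and checks that the MFA condition is the strict `Bool` form. The account ID is a constructed placeholder, and the function names are hypothetical.

```python
import json

AGENCY_ACCOUNT_ID = "111122223333"  # constructed placeholder, not from the page

def build_trust_policy(agency_account_id, strict=True):
    """Trust policy for a role that lives in the company's production account.
    strict=False builds the weak BoolIfExists variant for comparison."""
    operator = "Bool" if strict else "BoolIfExists"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            # The agency's account is the trusted principal; its own admins
            # decide which consultants may call sts:AssumeRole on this role.
            "Principal": {"AWS": f"arn:aws:iam::{agency_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {operator: {"aws:MultiFactorAuthPresent": "true"}},
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def statements_missing_mfa(policy):
    """Indexes of Allow statements that grant sts:AssumeRole without a strict MFA check."""
    findings = []
    for index, stmt in enumerate(_as_list(policy["Statement"])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        # Only plain Bool counts: the key is absent when the caller used
        # long-term access keys, and BoolIfExists passes on an absent key.
        bool_block = stmt.get("Condition", {}).get("Bool", {})
        present = {k.lower(): v for k, v in bool_block.items()}
        value = _as_list(present.get("aws:multifactorauthpresent", []))
        if [str(v).lower() for v in value] != ["true"]:
            findings.append(index)
    return findings

if __name__ == "__main__":
    good = build_trust_policy(AGENCY_ACCOUNT_ID)
    weak = build_trust_policy(AGENCY_ACCOUNT_ID, strict=False)
    print(json.dumps(good, indent=2))
    print("strict policy findings:", statements_missing_mfa(good))
    print("BoolIfExists findings:", statements_missing_mfa(weak))
```
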