Topic 1 Question 454

AWS Certified Solutions Architect - Professional

Topic 1 Question 454
A solutions architect must provide a secure way for a team of cloud engineers to use the AWS CLI to upload objects into an Amazon S3 bucket. Each cloud engineer has an IAM user, IAM access keys, and a virtual multi-factor authentication (MFA) device. The IAM users for the cloud engineers are in a group that is named S3-access. The cloud engineers must use MFA to perform any actions in Amazon S3.

Which solution will meet these requirements?
- Attach a policy to the S3 bucket to prompt the IAM user for an MFA code when the IAM user performs actions on the S3 bucket. Use IAM access keys with the AWS CLI to call Amazon S3.
- Update the trust policy for the S3-access group to require principals to use MFA when principals assume the group. Use IAM access keys with the AWS CLI to call Amazon S3.
- Attach a policy to the S3-access group to deny all S3 actions unless MFA is present. Use IAM access keys with the AWS CLI to call Amazon S3.
- Attach a policy to the S3-access group to deny all S3 actions unless MFA is present. Request temporary credentials from AWS Security Token Service (AWS STS). Attach the temporary credentials in a profile that Amazon S3 will reference when the user performs actions in Amazon S3.
ユーザの投票
コメント(6)
- 正解だと思う選択肢: D
  D STS seems to be the answer https://advancedweb.hu/aws-how-to-secure-access-keys-with-mfa/ https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_configure-api-require.html
  
  👍 5
  pangchn2024/03/24
- 正解だと思う選択肢: D
  access keys with AWS CLI will just skip the MFA
  
  👍 4
  VerRi2024/03/24
- 正解だと思う選択肢: D
  A & C are incorrect - Using IAM access keys with the AWS CLI would bypass the requirement for MFA.
  
  Not B - MFA should be required for specific actions, not just when assuming a role or group.
  
  👍 1
  CMMC2024/03/19
シャッフルモード

ユーザの投票

コメント(6)