Which two of the following options would allow an organization to enforce this policy for AWS users?


Your organization’s security policy requires that all privileged users either use frequently rotated passwords or one-time access
credentials in addition to username/password. Which two of the following options would allow an organization to enforce this policy
for AWS users? Choose 2 answers.

A.
Configure multi-factor authentication for privileged 1AM users

B.
Create 1AM users for privileged accounts

C.
Implement identity federation between your organization’s Identity provider leveraging the 1AM Security Token Service

D.
Enable the 1AM single-use password policy option for privileged users



Discussion

8 Responses to “Which two of the following options would allow an organization to enforce this policy for AWS users?”

  1. raysmithvic1978 says:

    A,C

  2. George says:

    A is definitely right, the to decide between B and C:
    B can be right, but if password are not rotated, it doesn’t apply.
    Same for C, if password are not rotated, it doesn’t apply.

    Since the question state “for AWS users?” I would still go with B.

  3. JK says:

    A and C

    A uses frequently rotated password via MFA device.
    C uses one time access credentials in addition to username\password via STS.

    D is incorrect, there is no ‘single-use password policy option’
    B is a waste of text

  4. Manan Kapadia says:

    A and B correct answer:

    A)Configure multi-factor authentication for privileged IAM users
    b)Create IAM users for privileged accounts (can set password policy)
    C)Implement identity federation between your organization’s Identity provider leveraging the IAM Security Token Service
    D)Enable the IAM single-use password policy option for privileged users (no such option the password expiration can be set from 1 to 1095 days)

Post a Comment