Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 38 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02

Question #: 38
Topic #: 1

[All AWS Certified Security - Specialty SCS-C02 Questions]

A company's security engineer has been tasked with restricting a contractor's IAM account access to the company’s Amazon EC2 console without providing access to any other AWS services. The contractor's IAM account must not be able to gain access to any other AWS service, even if the IAM account is assigned additional permissions based on IAM group membership.
What should the security engineer do to meet these requirements?

A. Create an inline IAM user policy that allows for Amazon EC2 access for the contractor's IAM user.
B. Create an IAM permissions boundary policy that allows Amazon EC2 access. Associate the contractor's IAM account with the IAM permissions boundary policy.
C. Create an IAM group with an attached policy that allows for Amazon EC2 access. Associate the contractor's IAM account with the IAM group.
D. Create a IAM role that allows for EC2 and explicitly denies all other services. Instruct the contractor to always assume this role.

Show Suggested Answer

Suggested Answer: B 🗳️

by kk2000 at Oct. 7, 2023, 3:01 p.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

WeepingMaplte

Highly Voted 1 year ago

Selected Answer: B

IAM permissions boundary policy is a managed policy that defines the maximum permissions that an identity-based policy can grant to an IAM entity (user or role). It essentially acts as a safety net to prevent users and roles from exceeding their intended permissions.

upvoted 9 times

...

c6ed25a

Most Recent 3 months, 1 week ago

Selected Answer: B

B Boundary defines limitation

upvoted 1 times

...

navid1365

7 months, 2 weeks ago

Selected Answer: B

A permissions boundary defines the maximum level of access that an IAM identity can have.

upvoted 1 times

...

Raphaello

10 months, 3 weeks ago

Selected Answer: B

IAM permissions boundary definition use.

upvoted 1 times

...

trashbox

1 year ago

Exam on 2023-12-18

upvoted 2 times

Raphaello

10 months, 3 weeks ago

What do you mean?

upvoted 3 times

...

Daniel76

1 year, 1 month ago

Selected Answer: B

Only B talks about restricting the access, by using permission boundary. D - if you assign more than one role to the vendor, there's always risk that the instruction is not followed. A, C- regardless of feasibility, by creating allow doesn't block the vendor from accessing services other than EC2 instance.

upvoted 2 times

...

Aamee

1 year, 1 month ago

Selected Answer: B

B makes more sense to me as it would explicitly define the specific service based IAM permissions policy which then can be associated with the contractor's IAM account which then help in restricting down his access to only at that service level in question.

upvoted 1 times

...