Summer Special Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 8w52ceb345

A company has hundreds of AWS accounts and uses AWS Organizations.

Amazon Web Services SCS-C02 Full Course Access
Amazon Web Services SCS-C02 View All Questions

A company has hundreds of AWS accounts and uses AWS Organizations. The company plans to create many different IAM roles and policies for its product team, security team, and platform team. Some IAM policies will be shared across teams.

A security engineer needs to implement a solution to logically group together the IAM roles of each team. The solution must allow only the platform team to delegate IAM permissions to AWS services.

Which solution will meet these requirements?

A.

Set up an IAM path with the IAM roles for each team. Deploy an SCP that denies the iam:PassRole permission to all entities except the IAM path of the platform team.

B.

Apply different tags for each team to the IAM roles. Deploy an SCP that denies the sts:AssumeRole permission to all entities except the roles of the platform team.

C.

Set up an IAM path with the IAM roles for each team. Use IAM permissions boundaries to deny the sts:AssumeRole permission to the IAM roles for the product team and the security team.

SCS-C02 PDF/Engine
  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions
buy now SCS-C02 pdf
Get 60% Discount on All Products, Use Coupon: "8w52ceb345"
Next
A company uses an external identity provider to allow federation into different IAM accounts.
A company has a set of EC2 Instances hosted in IAM.
Previous