Question #839

试题更新时间: 2023-11-07 12:59:45

A third party auditor is being brought in to review security processes and configurations for all of a company's AWS accounts. Currently, the company does not use any on-premise identity provider. Instead, they rely on IAM accounts in each of their AWS accounts. The auditor needs read-only access to all AWS resources for each AWS account. Given the requirements, what is the best security method for architecting access for the security auditor? Choose the correct answer from the options below

A. Create an IAM user for each AWS account with read-only permission policies for the auditor, and disable each account when the audit is complete.

B. Configure an on-premise AD server and enable SAML and identify federation for single sign-on to each AWS account.

C. Create an IAM role with read-only permissions to all AWS services in each AWS account. Create one auditor IAM account and add a permissions policy that allows the auditor to assume the ARN role for each AWS account that has an assigned role.

D. Create a custom identity broker application that allows the auditor to use existing Amazon credentials to Log into the AWS environments.

上一题收藏列表练习记录

下一题点击收藏

问题反馈