Q69 — AWS DOP-C02 Ch.3

Question 69 of 100 | ← Chapter 3

A company grants access permissions to its AWS account to an external third-party software vendor. The vendor performs various AWS operations in the AWS account and requires diverse IAM permissions. The company currently grants access by creating IAM users, attaching IAM policies, and providing IAM user credentials to the vendor.

Correct Answer: B. Use AWS Identity and Access Management Access Analyzer to generate a new IAM policy based on the IAM user’s AWS CloudTrail history. Attach the newly generated policy as a permissions boundary to the IAM user.

Explanation

Option A: Policy based on CloudTrail history. Option B: Permissions boundary based on CloudTrail history. Option C: Policy based on last-accessed information. Option D: Permissions boundary based on last-accessed information.