Q69 — AWS DOP-C02 Ch.3
A company grants access permissions to its AWS account to an external third-party software vendor. The vendor performs various AWS operations in the AWS account and requires diverse IAM permissions. The company currently grants access by creating IAM users, attaching IAM policies, and providing IAM user credentials to the vendor.
- A. Use AWS Identity and Access Management Access Analyzer to generate a new IAM policy based on the IAM user’s AWS CloudTrail history. Replace the IAM user’s policy with the newly generated policy.
- B. Use AWS Identity and Access Management Access Analyzer to generate a new IAM policy based on the IAM user’s AWS CloudTrail history. Attach the newly generated policy as a permissions boundary to the IAM user. ✓
- C. Use AWS Identity and Access Management Access Analyzer to discover the IAM user’s last-accessed information and create a new IAM policy that permits only the services and actions identified in the last-access review. Replace the IAM user’s policy with the newly generated policy.
- D. Use AWS Identity and Access Management Access Analyzer to discover the IAM user’s last-accessed information and create a new IAM policy that permits only the services and actions identified in the last-access review. Attach the newly generated policy as a permissions boundary to the IAM user.
Correct Answer: B. Use AWS Identity and Access Management Access Analyzer to generate a new IAM policy based on the IAM user’s AWS CloudTrail history. Attach the newly generated policy as a permissions boundary to the IAM user.
Explanation
- Option A: Policy based on CloudTrail history.
- Option B: Permissions boundary based on CloudTrail history.
- Option C: Policy based on last-accessed information.
- Option D: Permissions boundary based on last-accessed information.