Q92 — AWS SAA-C03 Ch.4

Question 92 of 105 | ← Chapter 4

Q287. A new employee has joined a company as a deployment engineer. The deployment engineer will be using AWS CloudFormation templates to create multiple AWS resources. A solutions architect wants the deployment engineer to perform job activities. While following the principle of least privilege. Which combination of actions should the solutions architect take to accomplish this goal? (Select TWO.)

Correct Answer: D. Create a new IAM User for the deployment engineer and add the IAM user to a group that has an IAM policy that allows AWS CloudFormation actions only, E. Create an IAM role for the deployment engineer to explicitly define the permissions specific to the AWS CloudFormation stack and launch stacks using Dial IAM role.

Explanation

Option A talks about using root user credentials which don't make any sense . Question states about least privileges' which is not the case in B and C."principle of least privilege"A is wrong for sure since root access B and C are wrong since "PowerUsers and Administrate/Access IAM policy " are not least privilege