CCCS-203B · Question #71
CCCS-203B Question #71: Real Exam Question with Answer & Explanation
The correct answer is C. Define a policy in CIEM targeting the "Finance" group and map it to the relevant roles and. Option A: Configuring policies directly in the cloud provider's IAM service bypasses CIEM's centralized management capabilities, reducing visibility and control over entitlements. Synchronization with CIEM is typically used for monitoring, not primary configuration. Option B: Dea
Question
Options
- AConfigure the policy in the cloud provider's IAM service and then synchronize it with CIEM.
- BUse CIEM to deactivate all policies for other groups, leaving only the "Finance" group with
- CDefine a policy in CIEM targeting the "Finance" group and map it to the relevant roles and
- DAssign the policy at the cloud provider level and ensure it applies to all roles, overriding specific
Explanation
Option A: Configuring policies directly in the cloud provider's IAM service bypasses CIEM's centralized management capabilities, reducing visibility and control over entitlements. Synchronization with CIEM is typically used for monitoring, not primary configuration. Option B: Deactivating all other policies is not a scalable or secure approach. It can inadvertently disrupt other users' workflows and does not utilize CIEM's ability to manage entitlements Option C: CIEM enables you to define and assign policies targeting specific groups, such as "Finance," and map them to roles and permissions for services like cloud storage. This approach ensures policies are aligned with organizational requirements and avoids over-provisioning. Option D: While assigning policies at the cloud provider level is possible, it is not the recommended approach when using CIEM. CIEM provides granular control, allowing you to manage permissions based on groups or roles rather than applying blanket policies.
Community Discussion
No community discussion yet for this question.