SAP-C02 · Question #722
SAP-C02 Question #722: Real Exam Question with Answer & Explanation
Sign in or unlock SAP-C02 to reveal the answer and full explanation for question #722. The question stem and answer options stay visible for context.
Question
A company is using GitHub Actions to run a CI/CD pipeline that accesses resources on AWS. The company has an IAM user that uses a secret key in the pipeline to authenticate to AWS. An existing IAM role with an attached policy grants the required permissions to deploy resources. The company's security team implements a new requirement that pipelines can no longer use long-lived secret keys. A solutions architect must replace the secret key with a short-lived solution. Which solution will meet these requirements with the LEAST operational overhead?
Options
- ACreate an IAM SAML 2.0 identity provider (IdP) in AWS Identity and Access Management (IAM).
- BCreate an IAM OpenID Connect (OIDC) identity provider (IdP) in AWS Identity and Access
- CCreate an Amazon Cognito identity pool. Configure the authentication provider to use GitHub.
- DCreate a trust anchor to AWS Private Certificate Authority. Generate a client certificate to use with
Unlock SAP-C02 to see the answer
You've previewed enough free SAP-C02 questions. Unlock SAP-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.