SCS-C02 · Question #112
SCS-C02 Question #112: Real Exam Question with Answer & Explanation
The correct answer is C: Create a break glass IAM role for the account. Allow security team members to perform the. https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/break-glass-
Question
A company uses SAML federation to grant users access to AWS accounts. A company workload that is in an isolated AWS account runs on immutable infrastructure with no human access to Amazon EC2. The company requires a specialized user known as a break glass user to have access to the workload AWS account and instances in the case of SAML errors. A recent audit discovered that the company did not create the break glass user for the AWS account that contains the workload. The company must create the break glass user. The company must log any activities of the break glass user and send the logs to a security team. Which combination of solutions will meet these requirements? (Choose two.)
Options
- ACreate a local individual break glass IAM user for the security team. Create a trail in AWS
- BCreate a break glass EC2 key pair for the AWS account. Provide the key pair to the security
- CCreate a break glass IAM role for the account. Allow security team members to perform the
- DCreate a local individual break glass IAM user on the operating system level of each workload
- EConfigure AWS Systems Manager Session Manager for Amazon EC2. Configure an AWS
Explanation
https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/break-glass-
Community Discussion
No community discussion yet for this question.