SCS-C02 · Question #208
SCS-C02 Question #208: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #208. The question stem and answer options stay visible for context.
Question
A company has two AWS accounts: Account A and Account B. Account A has an IAM role that IAM users in Account B assume when they need to upload sensitive documents to Amazon S3 buckets in Account A. A new requirement mandates that users can assume the role only if they are authenticated with multi-factor authentication (MFA). A security engineer must recommend a solution that meets this requirement with minimum risk and effort. Which solution should the security engineer recommend?
Options
- AAdd an aws:MultiFactorAuthPresent condition to the role's permissions policy.
- BAdd an aws:MultiFactorAuthPresent condition to the role's trust policy.
- CAdd an aws:MultiFactorAuthPresent condition to the session policy.
- DAdd an aws:MultiFactorAuthPresent condition to the S3 bucket policies.
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.