SCS-C02 Question #237: Real Exam Question with Answer & Explanation

Question

A security engineer discovers that a company's user passwords have no required minimum length. The company is using the following two identity providers (IdPs): - AWS Identity and Access Management (IAM) federated with on-premises Active Directory - Amazon Cognito user pools that contain the user database for an AWS Cloud application that the company developed Which combination of actions should the security engineer take to implement a required minimum length for the passwords? (Choose two.)

Options

• AUpdate the password length policy in the IAM configuration
• BUpdate the password length policy in the Cognito configuration.
• CUpdate the password length policy in the on-premises Active Directory configuration.
• DCreate an SCP in AWS Organizations. Configure the SCP to enforce a minimum password length
• ECreate an IAM policy that includes a condition for minimum password length Enforce the policy

Explanation

Update the password length policy in the Cognito configuration. Amazon Cognito allows you to configure password policies, including setting a required minimum length for passwords, within the user pool. This ensures that the passwords for the cloud application meet the new length requirement. Update the password length policy in the on-premises Active Directory configuration. Since IAM federates with the on-premises Active Directory, the password policies for federated users, such as the minimum password length, are managed directly within Active Directory. Updating the Active Directory policy ensures that the federated users meet the new password length requirement.

No community discussion yet for this question.