SCS-C02 · Question #362
SCS-C02 Question #362: Real Exam Question with Answer & Explanation
The correct answer is B: Create an IAM policy with a condition which denies access when the IP address range is not from
Question
An organization has set up multiple IAM users. The organization wants each IAM user to access the IAM console only from within the organization and not from outside. How can it achieve this?
Options
- A. Create an IAM policy with the security group and use that security group for AWS console login
- B. Create an IAM policy with a condition which denies access when the IP address range is not from
- C. Configure the EC2 instance security group which allows traffic only from the organization's IP
- D. Create an IAM policy with VPC and allow a secure gateway between the organization and AWS
Explanation
You can use a Deny condition that does not allow the person to log in from outside. The example below shows the Deny condition to ensure that any address specified in the source address is not allowed to access the resources in AWS.

- Option A is invalid because you don't mention the security group in the IAM policy.
- Option C is invalid because security groups by default don't allow traffic.
- Option D is invalid because the IAM policy does not have such an option.
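A Deny statement of the kind option B describes, as an added example that is not part of the original page, together with a simplified local model of how its condition block evaluates. The CIDR ranges are constructed placeholders (RFC 5737 documentation blocks), and the `aws:ViaAWSService` exemption and the `is_denied` helper are assumptions added for illustration.

```python
import ipaddress
import json

# Constructed placeholder ranges (RFC 5737 documentation blocks) standing in
# for the organization's public egress CIDRs.
ORG_CIDRS = ["192.0.2.0/24", "203.0.113.0/24"]

POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyOutsideOrgNetwork",
        "Effect": "Deny",
        "Action": "*",
        "Resource": "*",
        "Condition": {
            "NotIpAddress": {"aws:SourceIp": ORG_CIDRS},
            # Skip the deny when an AWS service calls on the user's behalf
            "Bool": {"aws:ViaAWSService": "false"},
        },
    }],
}


def is_denied(policy, source_ip, via_aws_service=False):
    """Simplified local model of the statement above, not AWS's evaluator."""
    addr = ipaddress.ip_address(source_ip)
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        cond = stmt.get("Condition", {})
        cidrs = cond.get("NotIpAddress", {}).get("aws:SourceIp", [])
        # NotIpAddress matches when the caller is in none of the listed ranges
        outside = all(addr not in ipaddress.ip_network(c) for c in cidrs)
        want_via = cond.get("Bool", {}).get("aws:ViaAWSService")
        via_ok = want_via is None or want_via == str(via_aws_service).lower()
        # Condition operators in one statement are ANDed
        if outside and via_ok:
            return True
    return False


if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))   # JSON to attach to the users/group
    for ip in ("192.0.2.17", "198.51.100.9"):
        print(ip, "denied" if is_denied(POLICY, ip) else "not denied")
```

The statement only denies; the users still need separate Allow statements for whatever they are meant to do from inside the organization's network.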