Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: force70

Amazon Web Services AWS Certified Security – Specialty SCS-C03 Question # 37 Topic 4 Discussion

Amazon Web Services AWS Certified Security – Specialty SCS-C03 Question # 37 Topic 4 Discussion

SCS-C03 Exam Topic 4 Question 37 Discussion:
Question #: 37
Topic #: 4

A company uses an incident response team to troubleshoot incidents. The incident response team must use temporary credentials from AWS STS for cross-account IAM role access when troubleshooting. Occasionally, each team member will need to respond to multiple different types of incidents simultaneously. Based on the type of incident, the company wants to dynamically assign minimal permissions to whichever team member responds.

Which solution will meet these requirements?


A.

Attach a policy to the cross-account role that grants the appropriate permissions for all types of incidents. Reduce the scope of those permissions by using a session policy.


B.

Attach a policy to the cross-account role that grants the appropriate permissions for all types of incidents. Reduce the scope of those permissions by using a permissions boundary.


C.

Do not assign any permissions to the cross-account role initially. Assign a session policy to the role being assumed with the required permission for that type of incident.


D.

Use an AWS Lambda function for each incident. Configure the function to create a temporary cross-account role that uses the AWS managed policy AWSSecurityIncidentResponseServiceRolePolicy. Reduce the scope of those permissions by using a permissions boundary.


Get Premium SCS-C03 Questions

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.