A company has an organization in AWS Organizations. The company has configured AWS Single Sign-On (AWS SSO) to centrally manage access to the AWS accounts in the organization. A DevOps engineer needs to ensure that all users sign in by using multi-factor authentication (MFA). Users must be allowed to manage their own MFA devices. Users also must be prompted for MFA every time they sign in. What should the DevOps engineer do to meet these requirements?

Topic #: - All AWS DevOps Engineer Professional Questions

A. In AWS SSO, configure always-on MFBlock user sign-in when a user does not yet have a registered MFA device.
B. In AWS SSO, configure always-on MFA. Require a user to register an MFA device at sign-in when the user does not yet have a registered MFA device. Most Voted
C. In AWS SSO, configure context-aware MFA. Update the trust policy of all permission sets to include the aws:MultiFactorAuthPresent condition on the sts:AssumeRole action.
D. In AWS SSO, configure context-aware MFA. Block user sign-in when a user does not yet have a registered MFA device.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion