A security engineer must develop an AWS Identity and Access Management (IAM) strategy for a company’s organization in AWS Organizations. The company needs to give developers autonomy to develop and test their applications on AWS, but the company also needs to implement security guardrails to help protect itself. The company creates and distributes applications with different levels of data classification and types. The solution must maximize scalability. Which combination of steps should the security engineer take to meet these requirements? (Choose three.)

Topic #: - All AWS Certified Security - Specialty Questions

A. Create an SCP to restrict access to highly privileged or unauthorized actions to specific IAM principals. Assign the SCP to the appropriate AWS accounts. Most Voted
B. Create an IAM permissions boundary to allow access to specific actions and IAM principals. Assign the IAM permissions boundary to all IAM principals within the organization
C. Create a delegated IAM role that has capabilities to create other IAM roles. Use the delegated IAM role to provision IAM principals by following the principle of least privilege. Most Voted
D. Create OUs based on data classification and type. Add the AWS accounts to the appropriate OU. Provide developers access to the AWS accounts based on business need. Most Voted
E. Create IAM groups based on data classification and type. Add only the required developers’ IAM role to the IAM groups within each AWS account.
F. Create IAM policies based on data classification and type. Add the minimum required IAM policies to the developers’ IAM role within each AWS account.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Reference Material:

Suggested Answer:

Reference Material:

Share this post

Join the Discussion