A company has two AWS accounts: Account A and Account B. Account A has an IAM role that IAM users in Account B assume when they need to upload sensitive documents to Amazon S3 buckets in Account A. A new requirement mandates that users can assume the role only if they are authenticated with multi-factor authentication (MFA). A security engineer must recommend a solution that meets this requirement with minimum risk and effort. Which solution should the security engineer recommend? A. Add an aws:MultiFactorAuthPresent condition to the role's permissions policy. B. Add an aws:MultiFactorAuthPresent condition to the role's trust policy. C. Add an aws:MultiFactorAuthPresent condition to the session policy. D. Add an aws:MultiFactorAuthPresent condition to the S3 bucket policies.  Suggested Answer: D Community Answer: B This question is in SCS-C01 AWS Certified Security – Specialty Exam For getting AWS Certified Security – Specialty Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by Amazon. Trademarks, certification & product names are used for reference only and belong to Amazon. The website does not contain actual questions and answers from Amazon's Certification Exam.
Please login or Register to submit your answer
