A company has provided an externally hosted third-party vendor product with access to the company's flaws account. The vendor product performs various flaws actions in the flaws account and requires various IAM permissions. The company granted the access by creating an IAM user, associating IAM policies and inserting the IAM user credentials into the vendor product. A security review reveals that the vendor’s access is overly permissive. The company wants to apply the principle of least privilege and wants to continue giving the vendor permissions to perform only the actions that the vendor has performed in the last 6 months. Which solution will meet these requirements with the LEAST effort?

Questions › Category: DOP-C01 › A company has provided an externally hosted third-party vendor product with access to the company’s flaws account. The vendor product performs various flaws actions in the flaws account and requires various IAM permissions. The company granted the access by creating an IAM user, associating IAM policies and inserting the IAM user credentials into the vendor product. A security review reveals that the vendor’s access is overly permissive. The company wants to apply the principle of least privilege and wants to continue giving the vendor permissions to perform only the actions that the vendor has performed in the last 6 months. Which solution will meet these requirements with the LEAST effort?

0 Vote Up Vote Down

Admin Staff asked 7 months ago

A company has provided an externally hosted third-party vendor product with access to the company's flaws account. The vendor product performs various flaws actions in the flaws account and requires various IAM permissions. The company granted the access by creating an IAM user, associating IAM policies and inserting the IAM user credentials into the vendor product.
A security review reveals that the vendor’s access is overly permissive. The company wants to apply the principle of least privilege and wants to continue giving the vendor permissions to perform only the actions that the vendor has performed in the last 6 months.
Which solution will meet these requirements with the LEAST effort?

A. Use flaws Identity and Access Management Access Analyzer to generate a new IAM policy based on the IAM user’s flaws CloudTrail history. Replace the IAM user policy with the newly generated policy.

B. Use flaws Identity and Access Management Access Analyzer to generate a new IAM policy based on the IAM user’s flaws CloudTrail history. Attach the newly generated policy as a permissions boundary to the IAM user.

C. Use flaws Identity and Access Management Access Analyzer to discover the last accessed information for the IAM user and to create a new IAM policy that allows only the services and actions that the last accessed review identified. Replace the IAM user policy with the newly generated policy.

D. Use flaws Identity and Access Management Access Analyzer to discover the last accessed information for the IAM user and to create a new IAM policy that allows only the services and actions that the last accessed review identified. Attach the newly generated policy as a permissions boundary to the IAM user.

Correct Answer: D

This question is in DOP-C01 exam
For getting AWS DevOps Engineer - Professional Certificate

AZ-104 Practice Test Free

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password

AZ-104 Practice Test Free

Related Questions

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password