A security engineer is designing an IAM policy to protect AWS API operations. The policy must enforce multi-factor authentication (MFA) for IAM users to access certain services in the AWS production account. Each session must remain valid for only 2 hours. The current version of the IAM policy is as follows:
 
Which combination of conditions must the security engineer add to the IAM policy to meet these requirements? (Choose two.)

A. "Bool": {"aws:MultiFactorAuthPresent": "true"}

B. "Bool": {"aws:MultiFactorAuthPresent": "false"}

C. "NumericLessThan": {"aws:MultiFactorAuthAge": "7200"}

D. "NumericGreaterThan": {"aws:MultiFactorAuthAge": "7200"}

E. "NumericLessThan": {"MaxSessionDuration": "7200"}






 

Suggested Answer: AD

Community Answer: AC




This question is in SCS-C02 AWS Certified Security – Specialty Exam
For getting AWS Certified Security – Specialty Certificate

Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.