An external auditor finds that a company's user passwords have no minimum length. The company is currently using two identity providers:
✑ AWS IAM federated with on-premises Active Directory
✑ Amazon Cognito user pools to accessing an AWS Cloud application developed by the company
Which combination of actions should the security engineer take to solve this issue? (Choose two.)

A. Update the password length policy in the on-premises Active Directory configuration.

B. Update the password length policy in the IAM configuration.

C. Enforce an IAM policy in Amazon Cognito and AWS IAM with a minimum password length condition.

D. Update the password length policy in the Amazon Cognito configuration.

E. Create an SCP with AWS Organizations that enforces a minimum password length for AWS IAM and Amazon Cognito.






 

Suggested Answer: BD

Community Answer: AD




This question is in SCS-C01 AWS Certified Security – Specialty Exam
For getting AWS Certified Security – Specialty Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.