Multiple Choice
A company has an IAM group. All of the IAM users in the group have been assigned a multi-factor authentication (MFA) device and have full access to Amazon S3. The company needs to ensure that users in the group can perform S3 actions only after the users authenticate with MFA. A security engineer must design a solution that accomplishes this goal with the least maintenance overhead. Which combination of actions will meet these requirements? (Choose two.)
A) Add a customer managed Deny policy to users in the group for s3:*actions.
B) Add a customer managed Deny policy to the group for s3:*actions.
C) Add a customer managed Allow policy to the group for s3:*actions.
D) Add a condition to the policy: "Condition" : { "BoolIfExists" : { "aws:MultiFactorAuthPresent" : false } }
E) "Condition" : { "Bool" : { "aws:MultiFactorAuthPresent" : false } }
Correct Answer:
Verified
Correct Answer:
Verified
Q116: Which of the following minimizes the potential
Q117: A user is implementing a third-party web
Q118: A security engineer is defining the controls
Q119: A Security Engineer is looking for a
Q120: A company's AWS CloudTrail logs are all
Q122: A Security Engineer signed in to the
Q123: A security engineer is designing an incident
Q124: An organization is moving non-business-critical applications to
Q125: A company is hosting multiple applications within
Q126: A Security Engineer creates an Amazon S3