Multiple Choice
A company allows its developers to attach existing IAM policies to existing IAM roles to enable faster experimentation and agility. However, the security operations team is concerned that the developers could attach the existing administrator policy, which would allow the developers to circumvent any other security policies. How should a solutions architect address this issue?
A) Create an Amazon SNS topic to send an alert every time a developer creates a new policy.
B) Use service control policies to disable IAM activity across all account in the organizational unit.
C) Prevent the developers from attaching any policies and assign all IAM duties to the security operations team.
D) Set an IAM permissions boundary on the developer IAM role that explicitly denies attaching the administrator policy.
Correct Answer:
Verified
Correct Answer:
Verified
Q218: A company's database is hosted on an
Q219: A company is planning to migrate a
Q220: A company's web application is using multiple
Q221: A company's website runs on Amazon EC2
Q222: A company is using Amazon Route 53
Q224: A company is looking for a solution
Q225: A company has several Amazon EC2 instances
Q226: An administrator of a large company wants
Q227: A media company is evaluating the possibility
Q228: A company is developing a file-sharing application