A company has two AWS accounts: Account A and Account B. Account A has an IAM role that IAM users in Account B assume when they need to upload sensitive documents to Amazon S3 buckets in Account A. A new requirement mandates that users can assume the role only if they are authenticated with multi-factor authentication (MFA) . A security engineer must recommend a solution that meets this requirement with minimum risk and effort. Which solution should the security engineer recommend?
A) Add an aws:MultiFactorAuthPresent condition to the role's permissions policy.
B) Add an aws:MultiFactorAuthPresent condition to the role's trust policy.
C) Add an aws:MultiFactorAuthPresent condition to the session policy.
D) Add an aws:MultiFactorAuthPresent condition to the S3 bucket policies.
Correct Answer:
Verified
Q250: A company wants to deploy a distributed
Q251: A city is implementing an election results
Q252: A user is implementing a third-party web
Q253: A company has developed a new Amazon
Q254: An audit determined that a company's Amazon
Q256: A security engineer has been tasked with
Q257: A company's development team is designing an
Q258: A security engineer has enabled AWS Security
Q259: A company is storing data in Amazon
Q260: A company hosts an application on Amazon
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents