A company has an IAM group. All of the IAM users in the group have been assigned a multi-factor authentication (MFA) device and have full access to Amazon S3. The company needs to ensure that users in the group can perform S3 actions only after the users authenticate with MFA. A security engineer must design a solution that accomplishes this goal with the least maintenance overhead. Which combination of actions will meet these requirements? (Choose two.)
A) Add a customer managed Deny policy to users in the group for s3:*actions.
B) Add a customer managed Deny policy to the group for s3:*actions.
C) Add a customer managed Allow policy to the group for s3:*actions.
D) Add a condition to the policy: "Condition" : { "BoolIfExists" : { "aws:MultiFactorAuthPresent" : false } }
E) "Condition" : { "Bool" : { "aws:MultiFactorAuthPresent" : false } }
Correct Answer:
Verified
Q273: A security engineer has noticed an unusually
Q274: An application is running on an Amazon
Q275: A large government organization is moving to
Q276: A company is undergoing a layer 3
Q277: A large company has hundreds of AWS
Q279: A company is hosting a web application
Q280: A company plans to create individual child
Q281: A company needs its Amazon Elastic Block
Q282: A security engineer must develop an encryption
Q283: A company has a serverless application for
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents