A company needs to grant an external auditor read-only access to specific AWS resources. The auditor has their own AWS account. What is the MOST secure way to grant this access?

Answer options:

Create an IAM user with read-only permissions and share the credentials with the auditor.

Create an IAM role with read-only permissions in the company's account and grant the auditor's AWS account permission to assume the role.

Create an S3 bucket policy that grants public read access to the required resources.

Set up AWS Directory Service and create a user for the auditor.

How to approach this question

Identify the requirement for cross-account access and apply the AWS best practice of using IAM roles instead of sharing long-term credentials.

Full Answer

B.Create an IAM role with read-only permissions in the company's account and grant the auditor's AWS account permission to assume the role.✓ Correct

IAM roles allow you to delegate access to users or services that normally don't have access to your organization's AWS resources. This is the standard for cross-account access.

Common mistakes

Choosing to create an IAM user and sharing keys, which is a major security risk.

All questions Question 02

Practice the full AWS SAA-C03 Practice Exam 5

65 questions · hints · full answers · grading

More questions from this exam

Q02An application running on EC2 instances needs to access objects in an S3 bucket. The security tea...Medium Q03A company is designing a VPC for a multi-tier web application. They need to block specific malici...Medium Q04A large enterprise uses AWS Organizations to manage multiple accounts. The security team wants to...Hard Q05A company hosts a web application on an Application Load Balancer (ALB). They are experiencing SQ...Medium Q06A financial company requires that all data stored in Amazon S3 is encrypted at rest using keys ma...Hard

View all 65 questions →