CLF-C02 Domain 2: Security and Compliance

Which IAM feature allows temporary security credentials for users and roles?

Multiple choice — select one answer

Answer choices

  1. a. AWS Security Hub, while leaving refresh tokens and OAuth consent grants active pending user callback
  2. b. Security group, using password reset alone and deferring session revocation until the next business day
  3. c. AWS STS (Security Token Service)
  4. d. Security in the cloud (customer responsibility), using shared credentials instead of individual accountability.

Architectural breakdown & explanation

STS issues temporary credentials used by roles, federation, and MFA sessions.

Correct answer(s): c. AWS STS (Security Token Service)

Exam domain: Domain 2: Security and Compliance (30% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified Cloud Practitioner bank. Run a full timed practice exam with domain-weighted random questions in your browser.