SCS-C02 Domain 3: Identity and Access Management

After a design review, leadership requires the team to use permission boundaries for delegated admins. Which approach is MOST reliable? use permission boundaries for delegated admins.

Multiple choice — select one answer

Answer choices

  1. a. IAM MFA policies
  2. b. aws:SourceIp condition keys
  3. c. IAM permission boundaries
  4. d. IAM Identity Center with external IdP

Architectural breakdown & explanation

Boundaries cap maximum permissions.

Correct answer(s): c. IAM permission boundaries

Exam domain: Domain 3: Identity and Access Management (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified Security – Specialty bank. Run a full timed practice exam with domain-weighted random questions in your browser.