SCS-C02 Domain 3: Identity and Access Management

The DevOps team is automating releases and must restrict access by IP with policy conditions. Which design fits best? restrict access by IP with policy conditions.

Multiple choice — select one answer

Answer choices

  1. a. IAM MFA policies
  2. b. aws:SourceIp condition keys
  3. c. IAM permission boundaries
  4. d. Lambda rotation or eliminate keys with roles

Architectural breakdown & explanation

Condition keys enforce network context.

Correct answer(s): b. aws:SourceIp condition keys

Exam domain: Domain 3: Identity and Access Management (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified Security – Specialty bank. Run a full timed practice exam with domain-weighted random questions in your browser.