AWS SAP-C02 · Question 49 · Domain 1.2: Security Controls
A company is using AWS IAM Identity Center (AWS SSO). They want to enforce multi-factor authentication (MFA) for all users, but they want to allow users to register their own MFA devices without requiring administrator intervention. How can this be configured?
Answer options:
Create an IAM policy that denies all actions unless aws:MultiFactorAuthPresent is true, and attach it to all users.
Configure the MFA settings in IAM Identity Center to 'Require MFA' and enable 'Users can add and manage their own MFA devices'.
Use AWS Directory Service for Microsoft Active Directory and configure MFA on the AD side.
Write a custom AWS Lambda function to intercept login requests and prompt for MFA.
Expert