AWS Certified Security - Specialty
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A security engineer is tasked with enhancing the security of AWS API operations by designing an IAM policy that requires multi-factor authentication (MFA) for IAM users to access specific services within the AWS production account. Additionally, the policy must ensure that each authenticated session remains valid for no more than 2 hours. Which two conditions should be included in the IAM policy to fulfill these security requirements?
Explanation:
The correct answers are A and C. Option A ensures that multi-factor authentication (MFA) is present. Option C ensures that the session is valid only if the age of the MFA authentication is less than 7200 seconds (2 hours). These conditions together meet the requirements of enforcing MFA and limiting session validity to 2 hours.