ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A company hosts several workloads in AWS and wants staff to sign in to the AWS Management Console with their existing on-premises Active Directory credentials managed by ADFS. The solution must provide temporary security credentials, eliminate long-term AWS access keys, and avoid creating individual IAM users. Which approach best meets these requirements?
Create an IAM user for each employee and enforce a strong password policy with mandatory key rotation.
Configure ADFS as a SAML 2.0 identity provider in AWS, map AD groups to IAM roles, and let users assume those roles via SSO.
Integrate ADFS with AWS using OAuth 2.0 web identity federation and issue long-lived access keys for approved users.
Enable MFA on the AWS root account and distribute the root credentials to employees for console access.
Establishing a SAML 2.0 trust between ADFS (acting as the identity provider) and AWS enables users to authenticate with their AD credentials and receive temporary AWS Security Token Service credentials mapped to IAM roles. This delivers single sign-on, removes the need for permanent access keys, and avoids per-user IAM accounts. Creating IAM users or sharing the root account does not satisfy the requirement, and OAuth 2.0 web identity federation is intended for public IdPs such as Google or Facebook rather than enterprise ADFS scenarios.
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls