ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A company operates several AWS accounts joined by AWS Organizations. Security wants an automated identity-management lifecycle that ensures new hires receive least-privilege console access, and that entitlements are revoked immediately when employees leave, without creating long-lived IAM users in each account. Which approach best meets these requirements?
Create IAM users in every account, add them to least-privilege IAM groups, and trigger a daily Lambda function to delete users listed as terminated.
Distribute the root credentials of each account to project managers, who rotate the passwords whenever staffing changes occur.
Integrate AWS IAM Identity Center with the corporate SAML identity provider, map directory groups to permission sets, and require users to assume roles in each account through federation.
Enable an Amazon Cognito user pool in each account, invite developers individually, and attach inline IAM policies to the generated identities.
AWS IAM Identity Center (successor to AWS SSO) allows the organization to connect its existing SAML-compatible identity provider and map directory groups to permission sets that correspond to IAM roles in every member account. Users are provisioned and de-provisioned automatically through the corporate directory, so no per-account IAM users or manual cleanup is needed. Creating individual IAM users or Cognito identities still leaves long-lived credentials to manage and does not provide automatic, directory-driven de-provisioning. Sharing or rotating root credentials is contrary to security best practices and offers no role granularity or audit controls.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AWS IAM Identity Center?
Open an interactive chat with Bash
What is SAML, and how does it integrate with AWS IAM Identity Center?
Open an interactive chat with Bash
Why is automated provisioning and de-provisioning important in identity management?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .