ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization runs workloads in AWS and uses Microsoft Entra ID (Azure AD) as its corporate IdP, integrated with AWS IAM Identity Center for federated logins. HR maintains Workday as the system of record. Security operations wants to reduce onboarding errors and ensure new hires receive only job-appropriate AWS permissions on their first day without manual intervention. Which strategy BEST fulfills SSCP provisioning best practices?
Enable AWS root account credentials for every new hire and enforce password rotation every 90 days through an internal policy.
Create a Python script that daily pulls a CSV from HR and uses AWS CLI to attach the AdministratorAccess policy to each new user created in AWS IAM.
Configure Workday to emit SCIM events to Azure AD, map users to security groups representing job roles, and let IAM Identity Center automatically provision corresponding permission sets in AWS.
Require team leads to submit IAM user creation requests via email to the cloud team, which manually provisions users using the console and applies policies as requested.
Automated, role-based provisioning that flows from the authoritative HR source through the IdP and into AWS satisfies least-privilege and audit requirements while eliminating manual steps. Using SCIM to push new hire objects from Workday to Azure AD, mapping them to role-specific groups, and allowing IAM Identity Center to automatically create the corresponding assignments means the account is created once, permissions are inherited from the group, and any later changes are handled consistently. The other choices either rely on error-prone manual processes, violate the principle of least privilege by granting AdministratorAccess, or expose highly sensitive root credentials, all of which conflict with secure provisioning practices.
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls