A company expects rapid growth. A solutions architect will create IAM groups and add new users to groups based on department. Which additional action is the MOST secure way to grant permissions to the new users?
Choose an answer
Tap an option to check your answer.
Correct answer: Create an IAM policy that grants least privilege permission. Attach the policy to the IAM groups.
Why this is the answer
Attaching an IAM policy directly to an IAM group is the most secure and straightforward method for granting permissions to new users in this scenario. When a user is added to a group, they automatically inherit all permissions defined by the policies attached to that group. This approach ensures least privilege by allowing you to define specific permissions once in the policy and apply them consistently to all members of the department group. Service Control Policies (SCPs) are used to
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed