🔥 3-day streak
AWS Certified Security - Specialty73 / 184
Question 73 of 184

A company uses AWS IAM Identity Center integrated with an external SAML 2.0 identity provider (IdP) for workforce single sign-on. Users are provisioned into Identity Center via SCIM from the IdP. Security requires that when an employee is terminated in the IdP, their ability to obtain new AWS access is revoked promptly, but they are concerned that already-active AWS CLI sessions could remain valid for hours. The current permission sets use the default 1-hour session duration. Which combination of actions BEST meets the requirement to limit lingering access after deprovisioning?

Reviewed for accuracy · Report an issueNext question