🔥 3-day streak
AWS Certified Security - Specialty59 / 157
Question 59 of 157
A company uses AWS IAM Identity Center (successor to AWS SSO) with an external SAML 2.0 identity provider for workforce federation. Users are provisioned via SCIM. The security team requires that finance analysts, who assume a permission set into a production account, can only hold active credentials for a maximum of 1 hour, while also ensuring that any employee removed from the finance group in the corporate directory loses access automatically. Which combination of actions BEST meets these requirements?
Reviewed for accuracy · Report an issueNext question