Security Auditor Job role

  • Slvrng

    Member
    May 24, 2024 at 4:18 pm

    Could the Security job role: Security Auditor AWS managed policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor) be a better answer for the question below? If not, can you please explain why?


    Category: CSAP – Continuous Improvement for Existing Solutions

    A cryptocurrency exchange company has recently signed up for a 3rd party online auditing system, which is also using AWS, to perform regulatory compliance audits on their cloud systems. The online auditing system needs to access certain AWS resources in your network to perform the audit.

    In this scenario, which of the following approaches is the most secure way of providing access to the 3rd party online auditing system?


    1. Create a new IAM role for cross-account access which allows the online auditing system account to assume the role. Assign a policy that allows full and unrestricted access to all AWS resources.

    2. Create a new IAM user and assign a user policy to the IAM user that allows only the actions required by the online audit system. Create a new access and secret key for the IAM user and provide these credentials to the 3rd party auditing company.

    3. Create a new IAM role for cross-account access which allows the online auditing system account to assume the role. Assign it a policy that allows only the actions required for the compliance audit.

    4. Create a new IAM user and assign a user policy to the IAM user that allows full and unrestricted access to all AWS resources. Create a new access and secret key for the IAM user and provide these credentials to the 3rd party auditing company.

  • Carlo-TutorialsDojo

    Member
    May 27, 2024 at 5:39 pm

    Hello Slvrng,

    Thanks for your feedback.

    Whether applying the SecurityAudit Managed Policy is correct or not depends on the permissions actually needed by auditors. The SecurityAudit Managed Policy simply helps you save time in figuring out the permissions typically needed for carrying out auditing tasks. Regardless of the policies you apply, you’d still have to do the steps outlined in the correct answer.

    Let me know if this answers your question.

    Regards,

    Carlo Acebedo
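
The contrast between the full-access role in option 1 and the scoped cross-account role, as an added example that is not part of the original thread or any AWS tooling: a small Python check over a role's trust policy and permissions policy. The account ID, the external ID, the read-only prefix rule and the requirement for an `sts:ExternalId` condition are assumptions made for illustration.

```python
READ_PREFIXES = ("Get", "List", "Describe")  # assumption: the audit only reads

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint_trust(trust, account):
    """Flag trust statements open to principals outside the auditor's account."""
    findings = []
    for stmt in _as_list(trust["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for arn in arns:
            if arn != account and not arn.startswith(f"arn:aws:iam::{account}:"):
                findings.append(f"trust: unexpected principal {arn}")
        if "sts:ExternalId" not in stmt.get("Condition", {}).get("StringEquals", {}):
            findings.append("trust: no sts:ExternalId condition")
    return findings

def lint_permissions(policy):
    """Flag wildcard or non-read actions in the role's permissions policy."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            verb = action.partition(":")[2]
            if action == "*" or verb == "*":
                findings.append(f"permissions: wildcard action {action}")
            elif not verb.startswith(READ_PREFIXES):
                findings.append(f"permissions: non-read action {action}")
    return findings

# Constructed sample documents; account ID and external ID are placeholders.
AUDITOR_ACCOUNT = "111122223333"
SCOPED_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{AUDITOR_ACCOUNT}:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}
OPEN_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}]}
AUDIT_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["cloudtrail:DescribeTrails", "iam:GetAccountSummary", "s3:GetBucketPolicy"]}]}
FULL_ACCESS = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in [("scoped", AUDIT_ONLY), ("option 1", FULL_ACCESS)]:
        print(name, lint_permissions(doc) or "ok")
    for name, doc in [("scoped", SCOPED_TRUST), ("open", OPEN_TRUST)]:
        print(name, lint_trust(doc, AUDITOR_ACCOUNT) or "ok")
```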
