AWS Certified Cloud Practitioner (CLF-C02) — Question 391

A company wants to manage sign-in security for workforce users. The company needs to create workforce users and centrally manage their access across all the company's AWS accounts and applications.

Which AWS service will meet these requirements?

Answer options

• A. AWS Audit Manager
• B. Amazon Cognito
• C. AWS Security Hub
• D. AWS IAM Identity Center (AWS Single Sign-On)

Correct answer: D

Explanation

AWS IAM Identity Center (formerly AWS Single Sign-On) is the correct service for centrally managing administrative and workforce access to multiple AWS accounts and business applications. Amazon Cognito is designed for customer-facing application authentication rather than internal workforce access. AWS Audit Manager and AWS Security Hub are compliance and security monitoring tools, not identity providers.