AWS Certified Security – Specialty (SCS-C03) — Question 35
A company uses AWS IAM Identity Center to manage access to its AWS accounts. The accounts are in an organization in AWS Organizations.
A security engineer needs to set up delegated administration of IAM Identity Center in the organization's management account.
Which combination of steps should the security engineer perform in IAM Identity Center before configuring delegated administration? (Choose three.)
Answer options
- A. Grant least privilege access to the organization's management account.
- B. Create a new IAM Identity Center directory in the organization's management account.
- C. Set up a second AWS Region in the organization's management account.
- D. Create permission sets for use only in the organization's management account.
- E. Create IAM users for use only in the organization's management account.
- F. Create user assignments only in the organization's management account.
Correct answer: B, D, F
Explanation
Options B, D, and F are correct because they are essential steps for setting up delegated administration in IAM Identity Center. Option B creates a directory specific to the management account, while D and F ensure that permission sets and user assignments are tailored for that account. Options A, C, and E do not directly pertain to the requirements for configuring delegated administration in this context.