AWS Certified Security – Specialty — Question 189

An external auditor finds that a company's user passwords have no minimum length. The company is currently using two identity providers:
✑ AWS IAM federated with on-premises Active Directory
✑ Amazon Cognito user pools to accessing an AWS Cloud application developed by the company
Which combination of actions should the security engineer take to solve this issue? (Choose two.)

Answer options

• A. Update the password length policy in the on-premises Active Directory configuration.
• B. Update the password length policy in the IAM configuration.
• C. Enforce an IAM policy in Amazon Cognito and AWS IAM with a minimum password length condition.
• D. Update the password length policy in the Amazon Cognito configuration.
• E. Create an SCP with AWS Organizations that enforces a minimum password length for AWS IAM and Amazon Cognito.

Correct answer: A, D

Explanation

The correct answers are A and D because updating the password length policy in the on-premises Active Directory directly addresses the requirement for IAM users, while revising the policy in Amazon Cognito ensures that users accessing the AWS Cloud application also follow the new minimum length requirement. Options B, C, and E do not specifically address the policies required for both identity providers in this scenario.