AWS Certified Solutions Architect – Professional — Question 158

In AWS IAM, which of the following predefined policy condition keys checks how long ago (in seconds) the MFA-validated security credentials making the request were issued using multi- factor authentication (MFA)?

Answer options

Correct answer: A

Explanation

The correct answer is A, aws:MultiFactorAuthAge, as it specifically measures the age of the MFA credentials in seconds. The other options do not exist as predefined keys or do not serve this specific function in AWS IAM policy conditions.