You want to enforce MFA for all IAM users before they can delete any S3 bucket. Which policy condition is best to achieve this?

Hard · Application · Q8 of 15
AWS - Identity and Access Management
A. "Condition": {"StringEquals": {"aws:RequestedRegion": "us-east-1"}}
B. "Condition": {"IpAddress": {"aws:SourceIp": "192.168.0.1/32"}}
C. "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
D. "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}}
Step-by-Step Solution
Solution:
  1. Step 1: Identify MFA enforcement condition

    The condition key 'aws:MultiFactorAuthPresent' set to "true" matches only requests that were authenticated with MFA.
  2. Step 2: Apply condition to delete actions

    Using this condition in a policy restricts delete actions unless MFA is used.
  3. Final Answer:

    Condition requiring MFA present (true) -> Option C
  4. Quick Check:

    MFA required = B [OK]
Quick Trick: Use aws:MultiFactorAuthPresent = true to enforce MFA [OK]
Common Mistakes:
  • Using IP address or region conditions incorrectly
  • Setting MFA condition to false
  • Ignoring MFA enforcement in policies
