ExamQuestions.com

AWS Certified Solutions Architect Professional Exam Questions


Question 61:

A third-party auditor is being brought in to review security processes and configurations for all of a company's AWS accounts. Currently, the company does not use any on-premises identity provider. Instead, they rely on IAM accounts in each of their AWS accounts. Now the auditor needs read-only access to all AWS resources for each AWS account. The auditor has an IAM user in his AWS account. Given the requirements, what is the most secure and easiest method for architecting access for the security auditor? Choose the correct answer from the options below.

Answer options:

A. Create an IAM user for each AWS account with read-only permission policies for the auditor, and disable each account when the audit is complete.
B. Configure an on-premises AD server and enable SAML identity federation for single sign-on to each AWS account.
C. Create an IAM role with read-only permissions to all AWS services in each AWS account. Allow the auditor IAM user to assume the ARN role for each AWS account.
D. Create a custom identity broker application that allows the auditor to use existing Amazon credentials to log into the AWS environments.