Free AWS SAP-C02 Actual Exam Questions - Question 8 Discussion

Question No. 8
An AWS partner company is building a service in AWS Organizations using its organization named
org1. This service requires the partner company to have access to AWS resources in a customer
account, which is in a separate organization named org2. The company must establish least privilege
security access using an API or command line tool to the customer account.
What is the MOST secure way to allow org1 to access resources in org2?
Farhan M.
2026-02-20

C/D? Both suggest using an IAM role, which is good. D’s extra external ID makes sense for security, but the question doesn’t say it’s required. C might still be acceptable if external ID isn’t specified.

0
Farhan M.
2026-02-09

Maybe D is best because the external ID helps confirm the partner’s identity and avoids unauthorized access. C misses that extra security step, so D seems safer overall.

0
Sohail A.
2026-01-27

Maybe D is best since using an external ID helps prevent the confused deputy problem, adding a security layer not mentioned in C. Sharing keys or user creds like in A or B is definitely too risky.

0
Ethan L.
2026-01-16

Not A - sharing access keys is way too risky. D makes the most sense since it uses a role with an external ID for secure cross-account access, which adds an extra security layer.

0
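The comments above turn on whether the cross-account role's trust policy requires an external ID. The following is an added example, not part of the original discussion: it builds the trust policy with and without the `sts:ExternalId` condition and checks a policy for cross-account `sts:AssumeRole` grants that lack it. The account IDs, the external ID value and all function names are constructed placeholders, and the check only covers the `StringEquals` form of the condition.

```python
# Constructed placeholders: account IDs and the external ID value are not from the page.
CUSTOMER_ACCOUNT = "222222222222"   # account in org2 that owns the role
PARTNER_ACCOUNT = "111111111111"    # partner account in org1

def trust_policy(external_id=None):
    """Build a role trust policy for the partner, optionally requiring an external ID."""
    stmt = {
        "Sid": "PartnerAccess",
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{PARTNER_ACCOUNT}:root"},
        "Action": "sts:AssumeRole",
    }
    if external_id is not None:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_accounts(principal):
    """Account IDs named by the AWS principal; '*' stands for any account."""
    if principal == "*":
        return {"*"}
    accounts = set()
    for item in _as_list(principal.get("AWS", [])):
        accounts.add(item.split(":")[4] if item.startswith("arn:") else item)
    return accounts

def _requires_external_id(stmt):
    """True if the statement pins sts:ExternalId with StringEquals (key is case-insensitive)."""
    equals = stmt.get("Condition", {}).get("StringEquals", {})
    return any(k.lower() == "sts:externalid" and v for k, v in equals.items())

def missing_external_id(policy, own_account):
    """List (Sid, account) for cross-account AssumeRole grants lacking an external ID."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        if _requires_external_id(stmt):
            continue
        for account in sorted(_principal_accounts(stmt.get("Principal", {})) - {own_account}):
            findings.append((stmt.get("Sid", ""), account))
    return findings

if __name__ == "__main__":
    print(missing_external_id(trust_policy(), CUSTOMER_ACCOUNT))
    print(missing_external_id(trust_policy("example-external-id"), CUSTOMER_ACCOUNT))
```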