AWS Certified Security – Specialty SCS-C01 – Question318

A company is outsourcing its operational support to an external company. The company's security officer must implement an access solution for delegating operational support that minimizes overhead.
Which approach should the security officer take to meet these requirements?

A.
Implement Amazon Cognito identity pools with a role that uses a policy that denies the actions related to Amazon Cognito API management. Allow the external company to federate through its identity provider.
B. Federate AWS Identity and Access Management (IAM) with the external company's identity provider. Create an IAM role and attach a policy with the necessary permissions.
C. Create an IAM group for the external company. Add a policy to the group that denies IAM modifications. Securely provide the credentials to the external company.
D. Use AWS SSO with the external company's identity provider. Create an IAM group to map to the identity provider user group, and attach a policy with the necessary permissions.