Domain 4 · 16% of Exam

Identity & Access Management

Design and implement identity solutions, access controls, and permission management across AWS accounts.

What You'll Be Tested On

  • Implement least-privilege access with IAM policies and permission boundaries
  • Design cross-account access patterns with IAM roles and resource policies
  • Implement identity federation (SAML, OIDC, IAM Identity Center)
  • Configure Cognito for application authentication and authorization
  • Analyze and remediate overly permissive access with Access Analyzer

Key AWS Services in This Domain

Exam Tips for Domain 4

  • Know IAM policy evaluation logic: explicit deny → SCP → permission boundary → identity policy → resource policy
  • Understand the difference between identity-based and resource-based policies
  • Practice designing cross-account access for common scenarios

Practice Domain 4 Questions

Test your knowledge of Identity & Access Management with practice questions from our SCS-C02 question bank.
