An external Auditor finds that a company’s user passwords have no minimum length.
The company is currently using two identity providers:
• AWS IAM federated with on-premises Active Directory
• Amazon Cognito user pools to accessing an AWS Cloud application developed by the company
Which combination o1 actions should the Security Engineer take to solve this issue? (Select TWO.)
A . Update the password length policy In the on-premises Active Directory configuration.
B . Update the password length policy In the IAM configuration.
C . Enforce an IAM policy In Amazon Cognito and AWS IAM with a minimum password length condition.
D . Update the password length policy in the Amazon Cognito configuration.
E . Create an SCP with AWS Organizations that enforces a minimum password length for AWS IAM and Amazon Cognito.
Answer: A,C