Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 132 discussion

A company manually provisions IAM access for its employees. The company wants to replace the manual process with an automated process. The company has an existing Active Directory system configured with an external SAML 2.0 identity provider (IdP).

The company wants employees to use their existing corporate credentials to access AWS. The groups from the existing Active Directory system must be available for permission management in AWS Identity and Access Management (IAM). A DevOps engineer has completed the initial configuration of AWS IAM Identity Center (AWS Single Sign-On) in the company’s AWS account.

What should the DevOps engineer do next to meet the requirements?

  • A. Configure an external IdP as an identity source. Configure automatic provisioning of users and groups by using the SCIM protocol.
  • B. Configure AWS Directory Service as an identity source. Configure automatic provisioning of users and groups by using the SAML protocol.
  • C. Configure an AD Connector as an identity source. Configure automatic provisioning of users and groups by using the SCIM protocol.
  • D. Configure an external IdP as an identity source. Configure automatic provisioning of users and groups by using the SAML protocol.
Suggested Answer: A

Comments

tartarus23
Highly Voted 1 year, 10 months ago
Selected Answer: A
(A) AWS SSO (Single Sign-On) integrates with external identity providers using SAML 2.0, and it can automatically synchronize users and groups from a connected directory using the SCIM (System for Cross-domain Identity Management) protocol. Thus, the DevOps engineer should configure the external IdP as an identity source and then configure automatic provisioning of users and groups by using the SCIM protocol. This will ensure the groups from the existing Active Directory system are available for permission management in AWS Identity and Access Management (IAM) and that employees can use their existing corporate credentials to access AWS.
upvoted 8 times
...
jamesf
Most Recent 9 months ago
Selected Answer: A
For Note: SAML (Security Assertion Markup Language) is primarily used for authentication and authorization, while SCIM (System for Cross-domain Identity Management) is a protocol used for automating user provisioning and deprovisioning across different systems and domains.
upvoted 4 times
...
thanhnv142
1 year, 2 months ago
Selected Answer: A
A is correct: <The company wants employees to use their existing corporate credentials to access AWS> means we need to assign the existing IdP as an identity source.
B: <Configure AWS Directory Service as an identity source> is irrelevant.
C: <Configure an AD Connector as an identity source>: AD Connector is used for connecting AWS Active Directory with that of on-prem. This question requires AWS Identity Center.
D: <provisioning of users and groups by using the SAML protocol.>: SAML is an authentication protocol. SCIM is the protocol for IdP connection.
upvoted 4 times
...
zolthar_z
1 year, 5 months ago
Selected Answer: A
A: Explanation: What is the difference between SCIM and SSO? SSO (single-sign on) is a way to authenticate (sign in), and SCIM is a way to provision (create an account).
upvoted 2 times
...
XP_2600
1 year, 8 months ago
This is quoted from AWS documentation: "The SAML protocol however does not provide a way to query the IdP to learn about users and groups. Therefore, you must make IAM Identity Center aware of those users and groups by provisioning them into IAM Identity Center." https://docs.aws.amazon.com/singlesignon/latest/userguide/scim-profile-saml.html
upvoted 1 times
...
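The provisioning step the quoted documentation describes, as an added example that is not part of the original thread and is not AWS code: a minimal in-memory SCIM 2.0 receiver (message shapes per RFC 7643/7644) showing that groups only become usable, and a disabled user only loses access, once the IdP pushes the change. `ScimStore`, `groups_for_login`, `demo` and the sample user and group are hypothetical; a SAML login is modelled simply as a lookup by user name.

```python
USER = "urn:ietf:params:scim:schemas:core:2.0:User"
GROUP = "urn:ietf:params:scim:schemas:core:2.0:Group"
PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

class ScimStore:
    """Hypothetical in-memory SCIM receiver; not AWS's implementation."""
    def __init__(self):
        self.users, self.groups = {}, {}

    def post(self, body):
        """POST /Users or /Groups: validate, store, return the new id."""
        rid = "id-%d" % (len(self.users) + len(self.groups) + 1)
        if USER in body["schemas"]:
            self.users[rid] = {"userName": body["userName"],
                               "active": body.get("active", True)}
        elif GROUP in body["schemas"]:
            members = [m["value"] for m in body.get("members", [])]
            if any(m not in self.users for m in members):
                raise ValueError("group references an unprovisioned user")
            self.groups[rid] = {"displayName": body["displayName"],
                                "members": members}
        else:
            raise ValueError("unsupported schema")
        return rid

    def patch_user(self, rid, body):
        """PATCH /Users/{id} with a PatchOp body; only 'replace active'."""
        for op in body["Operations"]:
            if (op["op"].lower(), op.get("path")) != ("replace", "active"):
                raise ValueError("unsupported operation")
            self.users[rid]["active"] = bool(op["value"])

    def groups_for_login(self, name):
        """Groups for a SAML subject; None if unprovisioned or inactive."""
        ids = {i for i, u in self.users.items()
               if u["userName"] == name and u["active"]}
        return sorted(g["displayName"] for g in self.groups.values()
                      if ids & set(g["members"])) if ids else None

def demo():
    """Constructed IdP messages: create user, create group, deactivate."""
    s = ScimStore()
    uid = s.post({"schemas": [USER], "userName": "alice@example.com"})
    s.post({"schemas": [GROUP], "displayName": "DevOps",
            "members": [{"value": uid}]})
    before = s.groups_for_login("alice@example.com")
    s.patch_user(uid, {"schemas": [PATCH], "Operations": [
        {"op": "replace", "path": "active", "value": False}]})
    return before, s.groups_for_login("alice@example.com")
```

`demo()` returns the group list before the deactivation message and `None` after it.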
CirusD
1 year, 9 months ago
Answer is A : AWS Single Sign-On (AWS SSO) can be integrated with an external SAML 2.0 identity provider (IdP). AWS SSO also supports automatic provisioning (auto-provisioning) of user and group information using the System for Cross-domain Identity Management (SCIM) protocol.
upvoted 1 times
...
sb333
1 year, 9 months ago
Selected Answer: A
Answer A is correct. It is SCIM that can provision users and groups in AWS. Of course the IdP needs to support SCIM (AWS has a list of IdPs that use SCIM). Answer D is not correct as SAML is an authentication protocol (cannot be used to provision users in AWS). https://docs.aws.amazon.com/singlesignon/latest/userguide/scim-profile-saml.html https://docs.aws.amazon.com/singlesignon/latest/userguide/supported-idps.html
upvoted 2 times
...
haazybanj
1 year, 9 months ago
Selected Answer: A
The AWS IAM Identity Center (AWS Single Sign-On) has been configured initially. Now, to automate the provisioning of users and groups from the external IdP into AWS IAM, the engineer should choose the SCIM protocol. SCIM is specifically designed for automatic user provisioning, making it the appropriate choice for this scenario. Option D (Configure an external IdP as an identity source and use the SAML protocol) could work, but it does not address the requirement for automatic provisioning of users and groups. The use of SCIM (Option A) is preferred for automated user and group provisioning, as it is designed for this purpose.
upvoted 1 times
...
Snape
1 year, 9 months ago
Selected Answer: D
The company already has an external SAML 2.0 IdP, so the DevOps engineer should configure this IdP as an identity source in AWS Single Sign-On, whereas option A would require configuring a new identity source.
upvoted 1 times
...
habros
1 year, 9 months ago
Selected Answer: A
A. SCIM is the automated way to provision users. You do it in AAD/AD and it propagates automatically into AWS SSO.
upvoted 1 times
...
Blueee
1 year, 10 months ago
Selected Answer: A
SCIM protocol is to sync the user and groups from the external identity source
upvoted 2 times
...
Toptip
1 year, 10 months ago
Selected Answer: D
D is correct
upvoted 1 times
...