Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 233 discussion

A company is migrating its development and production workloads to a new organization in AWS Organizations. The company has created a separate member account for development and a separate member account for production. Consolidated billing is linked to the management account. In the management account, a solutions architect needs to create an IAM user that can stop or terminate resources in both member accounts.

Which solution will meet this requirement?

  • A. Create an IAM user and a cross-account role in the management account. Configure the cross-account role with least privilege access to the member accounts.
  • B. Create an IAM user in each member account. In the management account, create a cross-account role that has least privilege access. Grant the IAM users access to the cross-account role by using a trust policy.
  • C. Create an IAM user in the management account. In the member accounts, create an IAM group that has least privilege access. Add the IAM user from the management account to each IAM group in the member accounts.
  • D. Create an IAM user in the management account. In the member accounts, create cross-account roles that have least privilege access. Grant the IAM user access to the roles by using a trust policy.
Suggested Answer: D
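
Option D written out as policy documents, with a simplified check showing that cross-account `sts:AssumeRole` needs an Allow on both the user's side and the role's side. This is an added example, not part of the original question or comments; the account IDs, user name, role name and the choice of EC2 stop/terminate actions are assumptions.

```python
# Constructed placeholder values (assumptions, not from the original page).
MGMT_ACCOUNT = "111111111111"
MEMBER_ACCOUNTS = {"development": "222222222222", "production": "333333333333"}
USER_ARN = f"arn:aws:iam::{MGMT_ACCOUNT}:user/ops-user"  # hypothetical user name
ROLE_NAME = "StopTerminateRole"                           # hypothetical role name

def role_arn(account_id):
    return f"arn:aws:iam::{account_id}:role/{ROLE_NAME}"

def trust_policy(user_arn=USER_ARN):
    """Trust policy on the role in EACH member account: who may assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": user_arn},
        "Action": "sts:AssumeRole"}]}

def role_permissions():
    """Permissions of the member-account role (EC2 is an assumption here)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:StopInstances", "ec2:TerminateInstances"],
        "Resource": "*"}]}

def user_policy():
    """Identity policy on the IAM user in the management account."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": [role_arn(a) for a in MEMBER_ACCOUNTS.values()]}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def can_assume(caller_arn, target_role_arn, identity_policy, trust):
    """Simplified check (exact ARN matches only; no wildcards, conditions or
    Deny statements): cross-account AssumeRole needs an Allow on BOTH sides."""
    identity_ok = any(
        s["Effect"] == "Allow" and "sts:AssumeRole" in as_list(s["Action"])
        and target_role_arn in as_list(s["Resource"])
        for s in identity_policy["Statement"])
    trust_ok = any(
        s["Effect"] == "Allow" and "sts:AssumeRole" in as_list(s["Action"])
        and caller_arn in as_list(s["Principal"].get("AWS", []))
        for s in trust["Statement"])
    return identity_ok and trust_ok

if __name__ == "__main__":
    for name, acct in MEMBER_ACCOUNTS.items():
        print(name, can_assume(USER_ARN, role_arn(acct), user_policy(), trust_policy()))
```
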

Comments

bhanus
Highly Voted 1 year, 10 months ago
Selected Answer: D
D - The cross-account role should be created in the destination (member) account. The role has a trust entity to the master account.
upvoted 6 times
...
duriselvan
Most Recent 1 year, 5 months ago
A is the answer.
A. Create an IAM user and a cross-account role in the management account. Configure the cross-account role with least privilege access to the member accounts.
Here's why:
Cross-account roles: Provide a secure and managed way for users or services in one AWS account to access resources in another account.
Least privilege access: Configure the cross-account role with the minimum permissions needed to stop or terminate resources in the member accounts, minimizing potential security risks.
Centralized control: Maintaining user credentials and access in the management account simplifies centralized management and auditing.
upvoted 1 times
helloworldabc
8 months, 3 weeks ago
Just D
upvoted 1 times
...
...
career360guru
1 year, 5 months ago
Selected Answer: D
Option D
upvoted 2 times
...
skyhiker
1 year, 8 months ago
Hmm, seems like a lot of work. What if the question was, "In the management account, a solutions architect needs to create an IAM user that can stop or terminate resources in 100 organization or member accounts?" Asked AI "Using AWS Organizations, can you create both IAM user and permission sets in the management account for accessing managed organization resources?" The answer was Yes.
upvoted 1 times
...
NikkyDicky
1 year, 10 months ago
Selected Answer: D
It's a D
upvoted 2 times
...
SmileyCloud
1 year, 10 months ago
Selected Answer: D
One user is sufficient and you need a cross-account role.
upvoted 4 times
...
MoussaNoussa
1 year, 10 months ago
D - The cross-account role should be created in the destination (member) account. The role has a trust entity to the master account.
upvoted 2 times
...
bhanus
1 year, 10 months ago
Selected Answer: D
D - The cross-account role should be created in the destination account (which is the member account) and a trust policy should be there.
upvoted 3 times
...