ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Security - Specialty SCS-C02 All Questions

View all questions & answers for the AWS Certified Security - Specialty SCS-C02 exam
Go to Exam

Exam AWS Certified Security - Specialty SCS-C02 topic 1 question 7 discussion

Exam question from Amazon's AWS Certified Security - Specialty SCS-C02
Question #: 7
Topic #: 1
[All AWS Certified Security - Specialty SCS-C02 Questions]

A company needs a security engineer to implement a scalable solution for multi-account authentication and authorization. The solution should not introduce additional user-managed architectural components. Native AWS features should be used as much as possible. The security engineer has set up AWS Organizations with all features activated and AWS IAM Identity Center (AWS Single Sign-On) enabled.
Which additional steps should the security engineer take to complete the task?

  • A. Use AD Connector to create users and groups for all employees that require access to AWS accounts. Assign AD Connector groups to AWS accounts and link to the IAM roles in accordance with the employees’ job functions and access requirements. Instruct employees to access AWS accounts by using the AWS Directory Service user portal.
  • B. Use an IAM Identity Center default directory to create users and groups for all employees that require access to AWS accounts. Assign groups to AWS accounts and link to permission sets in accordance with the employees’ job functions and access requirements. Instruct employees to access AWS accounts by using the IAM Identity Center user portal.
  • C. Use an IAM Identity Center default directory to create users and groups for all employees that require access to AWS accounts. Link IAM Identity Center groups to the IAM users present in all accounts to inherit existing permissions. Instruct employees to access AWS accounts by using the IAM Identity Center user portal.
  • D. Use AWS Directory Service for Microsoft Active Directory to create users and groups for all employees that require access to AWS accounts. Enable AWS Management Console access in the created directory and specify IAM Identity Center as a source of information for integrated accounts and permission sets. Instruct employees to access AWS accounts by using the AWS Directory Service user portal.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by KR693 at Oct. 24, 2023, 5:39 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Daniel76
Highly Voted 1 year, 1 month ago
Selected Answer: B
A. AD Connector only provides connectivity, not managing users. C. IAM users should not need to be created in all accounts - results in admin overhead. assume role instead. D. Letting end users DIY access in AWS Management Console, AWS Directory Service user portal is not a good idea.
upvoted 6 times
...
Raphaello
Most Recent 10 months, 1 week ago
Selected Answer: B
Keywords: "Native AWS features should be used as much as possible" Therefore choose to use Identity Center's own directory, plus there is no mention to on-prem AD and hence AD connector does not make sense. For the same reason, using AWS Directory Service - Managed MS AD does not fit with native AWS feature. Option B is the right answer.
upvoted 2 times
...
lalee2
1 year, 1 month ago
Selected Answer: B
https://aws.amazon.com/ko/iam/identity-center/faqs/
upvoted 2 times
...
pupsik
1 year, 2 months ago
Selected Answer: B
Normally we would use AD Connector to connect to on-premises AD. But option A doesn't come close to that. Hence option B.
upvoted 4 times
...
KR693
1 year, 2 months ago
Option B
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel