Exam AWS Certified Security - Specialty topic 1 question 62 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 62
Topic #: 1

A company plans to move most of its IT infrastructure to AWS. They want to leverage their existing on-premises Active Directory as an identity provider for AWS.
Which combination of steps should a Security Engineer take to federate the company's on-premises Active Directory with AWS? (Choose two.)

  • A. Create IAM roles with permissions corresponding to each Active Directory group.
  • B. Create IAM groups with permissions corresponding to each Active Directory group.
  • C. Configure Amazon Cloud Directory to support a SAML provider.
  • D. Configure Active Directory to add relying party trust between Active Directory and AWS.
  • E. Configure Amazon Cognito to add relying party trust between Active Directory and AWS.
Suggested Answer: AD
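As an added illustration (not from the exam page or any AWS sample code), the two artifacts that answers A and D produce in practice: a per-AD-group IAM role whose trust policy allows sts:AssumeRoleWithSAML from the IAM SAML provider, and the Role attribute values the ADFS relying-party trust must emit so AWS can map a user's AD groups to those roles. The account id, provider name, role names and AD group names are constructed placeholders.

```python
"""Added example: IAM role trust policy for SAML federation plus the AD-group
to IAM-role claim mapping an ADFS relying-party trust would emit."""
import json

ACCOUNT_ID = "123456789012"     # assumption: placeholder AWS account id
PROVIDER_NAME = "ADFS"          # assumption: name given to the IAM SAML provider
PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:saml-provider/{PROVIDER_NAME}"

# Constructed mapping: one IAM role per on-premises AD group (option A).
AD_GROUP_TO_ROLE = {
    "AWS-Admins": "ADFS-Admins",
    "AWS-ReadOnly": "ADFS-ReadOnly",
}


def role_arn(role_name):
    return f"arn:aws:iam::{ACCOUNT_ID}:role/{role_name}"


def saml_trust_policy(provider_arn=PROVIDER_ARN):
    """Trust policy attached to each federated role. Only assertions signed by
    the registered SAML provider and addressed to the AWS sign-in audience
    may assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": provider_arn},
            "Action": "sts:AssumeRoleWithSAML",
            "Condition": {"StringEquals": {
                "SAML:aud": "https://signin.aws.amazon.com/saml"}},
        }],
    }


def role_claim_values(ad_groups):
    """Values the ADFS claim rule (option D) emits in the
    https://aws.amazon.com/SAML/Attributes/Role attribute: one
    'roleArn,providerArn' pair per mapped group; unmapped groups are dropped."""
    return [f"{role_arn(AD_GROUP_TO_ROLE[g])},{PROVIDER_ARN}"
            for g in ad_groups if g in AD_GROUP_TO_ROLE]


def parse_role_claim(value):
    """Split one Role attribute value back into (role_arn, provider_arn)."""
    role, provider = value.split(",", 1)
    return role.strip(), provider.strip()


if __name__ == "__main__":
    print(json.dumps(saml_trust_policy(), indent=2))
    for v in role_claim_values(["AWS-ReadOnly", "Domain Users"]):
        print(v)
```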

Comments

mojoa
Highly Voted 3 years, 8 months ago
A and D. https://aws.amazon.com/blogs/security/how-to-establish-federated-access-to-your-aws-resources-by-using-active-directory-user-attributes/
upvoted 38 times
sensor
Highly Voted 3 years, 8 months ago
Cloud Directory is used for hierarchical storage, but not for authentication. https://aws.amazon.com/cloud-directory/ I would go for A & D
upvoted 16 times
McBTTF
3 years, 8 months ago
AWS Directory Service for Microsoft Active Directory (Enterprise Edition), or AWS Microsoft AD, is designed to support Windows-based workloads that require Microsoft Active Directory. AWS Microsoft AD is intended for enterprise IT use cases and applications that depend on Microsoft Active Directory. Amazon Cognito User Pools is an identity solution for developers that need authentication, federation, and credentials management for users. Amazon Cloud Directory is designed for developers who need to manage large volumes of hierarchical data, and need a flexible directory solution that supports multiple sets of relationships and built-in data validation.
upvoted 3 times
Raphaello
Most Recent 1 year, 3 months ago
Selected Answer: AD
AD are the correct answers.
upvoted 1 times
ITGURU51
2 years ago
In this particular case we need to create IAM roles within AWS and map them to AD groups. We also need to configure AD as the party of trust between AD and AWS.
upvoted 1 times
peddyua
2 years, 3 months ago
Selected Answer: AD
Cognito is for Web apps sign-ins and mobile apps, even though you can integrate AD with it, but it's a different use case, correct answer is AD
upvoted 2 times
luis12345
2 years, 5 months ago
You do not need Cognito to connect your on-prem AD with AWS
upvoted 1 times
luis12345
2 years, 5 months ago
AD then
upvoted 1 times
sky_top_onestart
2 years, 6 months ago
Selected Answer: AD
E is incorrect. When developing apps in AWS, using external Google as IdP. In the above situation, Cognito is used when using external Google as IdP
upvoted 2 times
hubekpeter
2 years, 6 months ago
Selected Answer: AE
A and E are the correct answers https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html
upvoted 1 times
janvandermerwer
2 years, 7 months ago
Selected Answer: AD
A and D. Typically you'd use either an AD Connector or something like ADFS in this case. You could use something like an Azure AD enterprise app, but that still doesn't meet the specific requirement.
upvoted 2 times
ErnstVonPappen
2 years, 7 months ago
I had this question on exam Sept 2022
upvoted 1 times
SlayerB
3 years, 7 months ago
FYI you can't configure AD for the relying partner, so D is out. Source: am MSCE
upvoted 2 times
1awssec
3 years, 7 months ago
https://aws.amazon.com/blogs/security/aws-federated-authentication-with-active-directory-federation-services-ad-fs/
upvoted 2 times
sandromechi
1 year, 11 months ago
You're right. But, on the AWS side, they consider it as AD. We can suppose that it can mean ADFS.
upvoted 1 times
DerekKey
3 years, 7 months ago
A&D - complete setup instruction is described here https://aws.amazon.com/blogs/security/aws-federated-authentication-with-active-directory-federation-services-ad-fs/
upvoted 3 times
sanjaym
3 years, 7 months ago
Ans: AD
upvoted 2 times
Huy
3 years, 7 months ago
It is A&E. Because they want to use existing on-premises AD as IDP so AWS must trust the AD, not AD trusts AWS so D is incorrect.
upvoted 1 times
ChinkSantana
3 years, 7 months ago
You don't need Cognito for this.
upvoted 1 times
hubekpeter
2 years, 6 months ago
And then what? Create trust between an on-prem and managed AD? You need an SSO provider: ADFS, Cognito, Keycloak, you name it, where AD is only an identity backend. Only then can you configure federated identity over, for example, SAML 2.0 and configure the correct IAM groups, which you'll get over SAML claims.
upvoted 1 times
NANDY666
3 years, 7 months ago
A & D are correct
upvoted 2 times
blaker00
3 years, 7 months ago
A & C. Here is Azure AD connected via SAML to AWS... https://aws.amazon.com/blogs/security/how-to-automate-saml-federation-to-multiple-aws-accounts-from-microsoft-azure-active-directory/
upvoted 1 times
shooricg
3 years, 7 months ago
It's A & D https://aws.amazon.com/blogs/security/how-to-connect-your-on-premises-active-directory-to-aws-using-ad-connector/
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other