Exam AWS-SysOps topic 1 question 763 discussion

Exam question from Amazon's AWS-SysOps
Question #: 763
Topic #: 1

An enterprise is using federated Security Assertion Markup Language (SAML) to access the AWS Management Console.
How should the SAML assertion mapping be configured?

  • A. Map the group attribute to an AWS group. The AWS group is assigned IAM policies that govern access to AWS resources.
  • B. Map the policy attribute to IAM policies the federated user is assigned to. These policies govern access to AWS resources.
  • C. Map the role attribute to an AWS role. The AWS role is assigned IAM policies that govern access to AWS resources.
  • D. Map the user attribute to an AWS user. The AWS user is assigned specific IAM policies that govern access to AWS resources.
Suggested Answer: C
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_assertions.html
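
The role mapping in option C travels in the assertion as the `https://aws.amazon.com/SAML/Attributes/Role` attribute, whose values pair a role ARN with a SAML provider ARN. The following is an added example, not code from the original page or from AWS: it audits the Role values in a constructed assertion against an allowlist. The account ID, role names, provider name and function names are assumptions, and accepting the pair in either order is a choice of this example.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=.@/-]+$")
IDP_ARN = re.compile(r"^arn:aws:iam::\d{12}:saml-provider/[\w.-]+$")

# Constructed sample: account ID, role and provider names are placeholders.
# Signature validation is out of scope here; only the role mapping is audited.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role">
   <saml:AttributeValue>arn:aws:iam::111122223333:role/ExampleReadOnly,arn:aws:iam::111122223333:saml-provider/ExampleIdP</saml:AttributeValue>
   <saml:AttributeValue>arn:aws:iam::111122223333:saml-provider/ExampleIdP,arn:aws:iam::111122223333:role/ExampleAdmin</saml:AttributeValue>
   <saml:AttributeValue>ExampleGroup</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def role_mappings(assertion_xml):
    """Return (valid, rejected); valid holds (role_arn, provider_arn) tuples."""
    root = ET.fromstring(assertion_xml)
    valid, rejected = [], []
    xpath = f".//saml:Attribute[@Name='{ROLE_ATTR}']/saml:AttributeValue"
    for node in root.findall(xpath, NS):
        parts = [p.strip() for p in (node.text or "").split(",")]
        role = next((p for p in parts if ROLE_ARN.match(p)), None)
        idp = next((p for p in parts if IDP_ARN.match(p)), None)
        # A usable value is exactly one role ARN paired with one provider ARN.
        if len(parts) == 2 and role and idp:
            valid.append((role, idp))
        else:
            rejected.append(node.text)  # e.g. a group name instead of ARNs
    return valid, rejected


def audit(assertion_xml, allowed_roles):
    """Flag asserted roles outside the allowlist and malformed values."""
    valid, rejected = role_mappings(assertion_xml)
    roles = [role for role, _ in valid]
    unexpected = [r for r in roles if r not in allowed_roles]
    return {"roles": roles, "unexpected": unexpected, "malformed": rejected}
```

A bare group or user name, as options A and D would imply, lands in `malformed` because it is not a role ARN and provider ARN pair.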

Comments

nicat
Highly Voted 2 years, 9 months ago
C. Map the role attribute to an AWS role. The AWS role is assigned IAM policies that govern access to AWS resources. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html
upvoted 5 times
...
albert_kuo
Most Recent 11 months, 3 weeks ago
Selected Answer: C
By mapping the role attribute from the SAML assertion to an AWS role, you can assign specific IAM policies to that role, which in turn determine the permissions and access rights the federated user has in the AWS environment.
upvoted 1 times
...
RicardoD
2 years, 8 months ago
C is the answer. Mapping to a role with the necessary policies is the best solution.
upvoted 1 times
...
abhishek_m_86
2 years, 8 months ago
C. Map the role attribute to an AWS role. The AWS role is assigned IAM policies that govern access to AWS resources.
upvoted 2 times
...
jackdryan
2 years, 8 months ago
I'll go with C
upvoted 1 times
...
MFDOOM
2 years, 9 months ago
C. Map the role attribute to an AWS role. The AWS role is assigned IAM policies that govern access to AWS resources.
upvoted 1 times
...
waterzhong
2 years, 9 months ago
An IAM SAML 2.0 identity provider is an entity in IAM that describes an external identity provider (IdP) service that supports the SAML 2.0 (Security Assertion Markup Language 2.0) standard. You use an IAM identity provider when you want to establish trust between a SAML-compatible IdP such as Shibboleth or Active Directory Federation Services and AWS, so that users in your organization can access AWS resources. IAM SAML identity providers are used as principals in an IAM trust policy.
upvoted 3 times
...
waterzhong
2 years, 9 months ago
C. Map the role attribute to an AWS role. The AWS role is assigned IAM policies that govern access to AWS resources.
upvoted 1 times
...
AWS_Noob
2 years, 9 months ago
C https://docs.aws.amazon.com/redshift/latest/mgmt/generating-iam-credentials-sso-role.html
upvoted 3 times
gofavad926
2 years, 9 months ago
C but not your link (redshift) https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
upvoted 1 times
...
...