ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 60 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 60
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

A company allows its developers to attach existing IAM policies to existing IAM roles to enable faster experimentation and agility. However, the security operations team is concerned that the developers could attach the existing administrator policy, which would allow the developers to circumvent any other security policies.
How should a solutions architect address this issue?

  • A. Create an Amazon SNS topic to send an alert every time a developer creates a new policy.
  • B. Use service control policies to disable IAM activity across all accounts in the organizational unit.
  • C. Prevent the developers from attaching any policies and assign all IAM duties to the security operations team.
  • D. Set an IAM permissions boundary on the developer IAM role that explicitly denies attaching the administrator policy.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by brig at June 5, 2020, 11:20 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
foreverlearner
Highly Voted 3 years, 7 months ago
Permission boundaries are for this use case. Be aware that you can assign boundaries only to users and roles, not groups
upvoted 76 times
...
sumitchhabra
Highly Voted 3 years, 7 months ago
Answer should be D As We have to address the problem in the question and the Security operations team is concerned only about administrator policies.
upvoted 31 times
...
Sachin032
Most Recent 2 years, 3 months ago
Selected Answer: D
Permission boundaries are for this use case
upvoted 1 times
...
queen101
2 years, 9 months ago
DDDDDDDDDDDDDDDDD
upvoted 2 times
...
marklovesaws143
2 years, 9 months ago
Selected Answer: D
DDDDDDDDDDDDDD
upvoted 1 times
...
buna6750
2 years, 10 months ago
Selected Answer: D
D is the best answer setting up boundaries
upvoted 1 times
...
slcheng
2 years, 10 months ago
Selected Answer: D
shouldn't grant Admin right. Ans D
upvoted 1 times
...
slcheng
2 years, 10 months ago
Selected Answer: D
Agreed with D
upvoted 1 times
...
Ukosas
3 years ago
Answer is D
upvoted 1 times
...
saifeddine92
3 years, 2 months ago
Selected Answer: D
easy one D
upvoted 1 times
...
[Removed]
3 years, 5 months ago
Option "D" makes more applicable sense.
upvoted 1 times
...
Vijay1986
3 years, 5 months ago
Selected Answer: D
IAM permissions boundary on the developer IAM role that explicitly denies attaching the administrator policy
upvoted 1 times
...
RagnarLodbrok
3 years, 6 months ago
D is Correct
upvoted 1 times
...
Vibes
3 years, 6 months ago
D is ok
upvoted 2 times
...
woke
3 years, 6 months ago
D is the answer
upvoted 5 times
...
Abdullah777
3 years, 6 months ago
D in neal
upvoted 6 times
...
syu31svc
3 years, 6 months ago
Correct answer is D as IAM permissions boundary on developer role would help limit maximum permissions that an identity-based policy can grant.
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago