ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 342 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 342
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

A new employee has joined a company as a deployment engineer. The deployment engineer will be using AWS CloudFormation templates to create multiple AWS resources. A solutions architect wants the deployment engineer to perform job activities while following the principle of least privilege.
Which combination of actions should the solutions architect take to accomplish this goal? (Choose two.)

  • A. Have the deployment engineer use AWS account roof user credentials for performing AWS CloudFormation stack operations.
  • B. Create a new IAM user for the deployment engineer and add the IAM user to a group that has the PowerUsers IAM policy attached.
  • C. Create a new IAM user for the deployment engineer and add the IAM user to a group that has the Administrate/Access IAM policy attached.
  • D. Create a new IAM User for the deployment engineer and add the IAM user to a group that has an IAM policy that allows AWS CloudFormation actions only.
  • E. Create an IAM role for the deployment engineer to explicitly define the permissions specific to the AWS CloudFormation stack and launch stacks using Dial IAM role.
Show Suggested Answer Hide Answer
Suggested Answer: DE 🗳️
by dmscountera at March 11, 2021, 4:41 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dmscountera
Highly Voted 3 years, 7 months ago
Honestly i excluded A B C logically so D. Create a new IAM User for the deployment engineer and add the IAM user to a group that has an IAM policy that allows AWS CloudFormation actions only. E. Create an IAM role for the deployment engineer to explicitly define the permissions specific to the AWS CloudFormation stack and launch stacks using Dial IAM role. Are left to be correct
upvoted 48 times
...
syu31svc
Highly Voted 3 years, 7 months ago
"principle of least privilege" A is wrong for sure since root access B and C are wrong since "PowerUsers and Administrate/Access IAM policy " are not least privilege D and E
upvoted 21 times
...
queen101
Most Recent 2 years, 9 months ago
DDDDDDDDDDDDEEEEEEEEEEEE
upvoted 1 times
...
awsas2022
2 years, 9 months ago
What is the correct option ?
upvoted 1 times
...
amabdelmongy
2 years, 9 months ago
Selected Answer: DE
D E B is not correct becuase it will have power permission
upvoted 2 times
...
marklovesaws143
2 years, 9 months ago
Selected Answer: DE
DEDEDEDEDEDE
upvoted 2 times
...
slcheng
2 years, 10 months ago
Selected Answer: BD
Power User usually create for restrict control for folders/group of users only. such like allow run only permission for stack.
upvoted 1 times
...
goblin123
3 years, 2 months ago
What is Dial IAM role?
upvoted 2 times
...
rukkoth
3 years, 4 months ago
D & E First three answers include with admin user type permissions. So we can ignore A,B,C
upvoted 1 times
...
jcesarguedes
3 years, 5 months ago
Resposta D,E aqui é Brasilllll
upvoted 3 times
...
Sunflyhome
3 years, 6 months ago
what is "using Dial IAM role"?
upvoted 3 times
gogod2
2 years, 3 months ago
Think they meant dual.
upvoted 1 times
...
...
gary_gary
3 years, 6 months ago
Doesn't D & E overlap each other? Why do you want to create both IAM user and role for the deployment engineer. The question ask combination of actions which should be sequentially related?
upvoted 1 times
...
jkwek
3 years, 6 months ago
Answer is D and E. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html
upvoted 8 times
...
ansh18061986
3 years, 6 months ago
For me correct options are D & E . Option A talks about using root user credentials which don't make any sense . Question states about least privileges' which is not the case in B and C.
upvoted 2 times
...
KK_uniq
3 years, 7 months ago
D and E for sure
upvoted 2 times
...
aesr10
3 years, 7 months ago
D AND E
upvoted 2 times
...
leliodesouza
3 years, 7 months ago
Should be D and E.
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago