Exam AWS Certified Security - Specialty topic 1 question 227 discussion

Exam question from Amazon's AWS Certified Security - Specialty
Question #: 227
Topic #: 1

A security engineer is responsible for providing secure access to AWS resources for thousands of developers in a company's corporate identity provider (IdP). The developers access a set of AWS services from their corporate premises using IAM credentials. Due to the volume of requests for provisioning new IAM users, it is taking a long time to grant access permissions. The security engineer receives reports that developers are sharing their IAM credentials with others to avoid provisioning delays. This causes concern about overall security for the security engineer.
Which actions will meet the program requirements that address security?

  • A. Create an Amazon CloudWatch alarm for AWS CloudTrail events. Create a metric filter to send a notification when the same set of IAM credentials is used by multiple developers.
  • B. Create a federation between AWS and the existing corporate IdP. Leverage IAM roles to provide federated access to AWS resources.
  • C. Create a VPN tunnel between the corporate premises and the VPC. Allow permissions to all AWS services only if it originates from corporate premises.
  • D. Create multiple IAM roles for each IAM user. Ensure that users who use the same IAM credentials cannot assume the same IAM role at the same time.
Suggested Answer: B

Comments

refuz
Highly Voted 3 years, 8 months ago
B for sure
upvoted 10 times
...
Raphaello
Most Recent 1 year, 4 months ago
Selected Answer: B
The correct answer is B: create a federation between the company's IdP and AWS, and map it to roles in the company's AWS accounts.
upvoted 1 times
...
pal40sg
2 years, 1 month ago
Selected Answer: B
By implementing federated access using the corporate identity provider (IdP) and leveraging IAM roles, developers can authenticate with their existing corporate credentials and be granted temporary credentials with limited permissions. This eliminates the need for provisioning individual IAM users and reduces the risk of credential sharing.
upvoted 2 times
...
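The comment above describes the mechanism behind option B: the role is assumable only through the corporate SAML provider, the IdP maps group membership to role ARNs, and each sign-in yields temporary credentials instead of a shared long-lived IAM user key. The following is an added example and is not code from the page or from AWS; the account id, provider name, role names and the group-to-role mapping are constructed for illustration. It builds the role trust policy, shows how the IdP's SAML Role attribute values are formed from group membership, and audits a trust policy for the two conditions a reviewer would check in this scenario (only a saml-provider principal, and an explicit SAML:aud audience).

```python
import json

# Constructed sample values, not taken from the page: an account id, the SAML
# provider registered in IAM, and a hypothetical group-to-role mapping.
ACCOUNT_ID = "123456789012"
PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:saml-provider/CorporateIdP"
AWS_SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"
GROUP_TO_ROLE = {
    "dev-readonly": f"arn:aws:iam::{ACCOUNT_ID}:role/DeveloperReadOnly",
    "dev-deploy": f"arn:aws:iam::{ACCOUNT_ID}:role/DeveloperDeploy",
}


def build_saml_trust_policy(provider_arn: str) -> dict:
    """Trust policy for a role that only the corporate SAML provider may assume.
    Pinning SAML:aud to the AWS sign-in endpoint rejects assertions that the
    IdP issued for some other service provider."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Federated": provider_arn},
                "Action": "sts:AssumeRoleWithSAML",
                "Condition": {"StringEquals": {"SAML:aud": AWS_SAML_AUDIENCE}},
            }
        ],
    }


def role_attribute_values(groups, mapping=GROUP_TO_ROLE, provider_arn=PROVIDER_ARN):
    """Build the values the IdP places in the SAML Role attribute:
    'role-arn,provider-arn' pairs, one per mapped group the user belongs to.
    Groups with no mapping are ignored, so an unmapped user gets no role."""
    return [f"{mapping[g]},{provider_arn}" for g in groups if g in mapping]


def audit_trust_policy(policy: dict) -> list:
    """Review a role trust policy and return a list of findings. An empty list
    means every Allow statement is an AssumeRoleWithSAML grant bound to a
    saml-provider principal and to the AWS audience. A plain sts:AssumeRole
    grant is flagged because, in this scenario, roles are meant to be reachable
    only through the IdP (assumption of the example, not a general rule)."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(f"statement {i}: any principal may assume the role")
        if "sts:AssumeRole" in actions:
            findings.append(f"statement {i}: plain sts:AssumeRole bypasses the IdP")
        if "sts:AssumeRoleWithSAML" in actions or "sts:*" in actions:
            federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
            if ":saml-provider/" not in federated:
                findings.append(f"statement {i}: federated principal is not a SAML provider")
            aud = stmt.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
            if aud != AWS_SAML_AUDIENCE:
                findings.append(f"statement {i}: missing SAML:aud condition")
    return findings


if __name__ == "__main__":
    policy = build_saml_trust_policy(PROVIDER_ARN)
    print(json.dumps(policy, indent=2))
    print("findings:", audit_trust_policy(policy))
    print("role attribute:", role_attribute_values(["dev-readonly", "helpdesk"]))
```

The trust policy is what the role carries; the permissions attached to the role stay as narrow as the group warrants, and the temporary credentials STS issues expire on their own, which is why sharing them has little value compared with a long-lived IAM user key.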
arpgaur
2 years, 5 months ago
B is the best option. It is not enough to stop users from sharing credentials; they should also be able to access the AWS services.
upvoted 1 times
...
jishrajesh
2 years, 6 months ago
B is correct
upvoted 1 times
...
dcasabona
2 years, 11 months ago
Selected Answer: B
Option B.
upvoted 1 times
...
munish3420
3 years, 7 months ago
As the question states, the company has an IdP, and once users are provisioned using the IdP you can assign access using IAM roles. So the answer is B.
upvoted 1 times
...
skipbaylessfor3
3 years, 8 months ago
Let me try to rule some out...
D - doesn't seem right... I don't think you would have multiple IAM roles for each IAM user... Usually you have 1 role that is shared by many users.
C - "allow permissions to all AWS services"... nah, that seems too permissive.
A - not sure if you can do that using metric filters. Maybe you could use an alarm to see if the same set of credentials is used too many times? But that's not mentioned here anyway.
Looks like B is probably it.
upvoted 2 times
...
sanjaym
3 years, 8 months ago
B 100%
upvoted 4 times
...
Larsson
3 years, 9 months ago
B easy
upvoted 2 times
...
cldy
3 years, 9 months ago
B. Definitely.
upvoted 1 times
...
viestner
3 years, 9 months ago
B, agree
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other