ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 878 discussion

Exam question from Amazon's AWS-SysOps
Question #: 878
Topic #: 1
[All AWS-SysOps Questions]

A company has a multi-account AWS environment that includes the following:
✑ A central identity account that contains all IAM users and groups
✑ Several member accounts that contain IAM roles
A SysOps administrator must grant permissions for a particular IAM group to assume a role in one of the member accounts.
How should the SysOps administrator accomplish this task?

  • A. In the member account, add sts:AssumeRole permissions to the role's policy. In the identity account, add a trust policy to the group that specifies the account number of the member account.
  • B. In the member account, add the group Amazon Resource Name (ARN) to the role's trust policy. In the identity account, add an inline policy to the group with sts:AssumeRole permissions.
  • C. In the member account, add the group Amazon Resource Name (ARN) to the role's trust policy. In the identity account, add an inline policy to the group with sts:PassRole permissions.
  • D. In the member account, add the group Amazon Resource Name (ARN) to the role's inline policy. In the identity account, add a trust policy to the group with sts:AssumeRole permissions.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by binhdt2611 at May 6, 2021, 8:23 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
binhdt2611
Highly Voted 1 year, 3 months ago
Answer is B https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html
upvoted 10 times
davidy2020
1 year, 2 months ago
Confirmed B, i'm doing this frequently
upvoted 1 times
...
...
juraj666
Most Recent 11 months, 2 weeks ago
Selected Answer: B
voting for B after reading the docs, it's good to draw a picture which one is trusting and which one is trusted account to understand where is added the role policy
upvoted 1 times
...
Madaan
1 year ago
I can't challenge someone who mentioned he does this frequently, but it looks A to me based on what I know of and how I understand cross-account access.
upvoted 1 times
...
lartex
1 year, 2 months ago
Is A for me
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel