ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 661 discussion

Exam question from Amazon's AWS-SysOps
Question #: 661
Topic #: 1
[All AWS-SysOps Questions]

Which of the following steps are required to configure SAML 2.0 for federated access to AWS? (Choose two.)

  • A. Create IAM users for each identity provider (IdP) user to allow access to the AWS environment.
  • B. Define assertions that map the company's identity provider (IdP) users to IAM roles.
  • C. Create IAM roles with a trust policy that lists the SAML provider as the principal.
  • D. Create IAM users, place them in a group named SAML, and grant them necessary IAM permissions.
  • E. Grant identity provider (IdP) users the necessary IAM permissions to be able to log in to the AWS environment.
Show Suggested Answer Hide Answer
Suggested Answer: AB 🗳️
by TJarriault at Sept. 18, 2019, 1:40 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
coolboylqy
Highly Voted 1 year, 3 months ago
should be B&C https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
upvoted 16 times
...
mukeshs
Highly Voted 1 year, 2 months ago
It should be B and C. In IAM, you create one or more IAM roles. In the role's trust policy, you set the SAML provider as the principal, which establishes a trust relationship between your organization and AWS.
upvoted 8 times
...
asfsdfsdf
Most Recent 10 months, 1 week ago
Selected Answer: BC
I would go with B and C Roles that trust the SAML provider Mapping between Roles and IDP users
upvoted 1 times
...
RicardoD
1 year, 1 month ago
B | C are the answers You first create the IAM roles , setting the SAML provider as trusted (C), then you define assertions that map users to the IAM roles
upvoted 3 times
...
abhishek_m_86
1 year, 1 month ago
B. Define assertions that map the company's identity provider (IdP) users to IAM roles. C. Create IAM roles with a trust policy that lists the SAML provider as the principal. Seem correct
upvoted 3 times
...
jackdryan
1 year, 1 month ago
I'll go with B,C
upvoted 1 times
...
A3A3
1 year, 1 month ago
C&B: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html See Steps 4 & 5 4. In IAM, you create one or more IAM roles. In the role's trust policy, you set the SAML provider as the principal, which establishes a trust relationship between your organization and AWS. 5. n your organization's IdP, you define assertions that map users or groups in your organization to the IAM roles.
upvoted 2 times
...
waterzhong
1 year, 2 months ago
It should be B and C.
upvoted 1 times
...
shammous
1 year, 2 months ago
B and C
upvoted 1 times
...
MrKhan
1 year, 2 months ago
C, E are the correct answers.
upvoted 1 times
...
AWS_Noob
1 year, 2 months ago
B & C are indeed correct.
upvoted 2 times
...
ThoseWereTheDays
1 year, 2 months ago
B&C are correct: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html B is in Step 5 : In your organization's IdP, you define assertions that map users or groups in your organization to the IAM roles. C is in step 4: In IAM, you create one or more IAM roles. In the role's trust policy, you set the SAML provider as the principal, which establishes a trust relationship between your organization and AWS. The role's permission policy establishes what users from your organization are allowed to do in AWS.
upvoted 7 times
shammous
1 year, 2 months ago
Thank you for the detailed answer with ref.
upvoted 1 times
...
...
rby293
1 year, 2 months ago
B & C. - In your organization's IdP, you define assertions that map users or groups in your organization to the IAM roles. Note that different users and groups in your organization might map to different IAM roles. - In IAM, you create one or more IAM roles. In the role's trust policy, you set the SAML provider as the principal, which establishes a trust relationship between your organization and AWS. The role's permission policy establishes what users from your organization are allowed to do in AWS
upvoted 5 times
...
awsnoob
1 year, 2 months ago
C & E https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html
upvoted 2 times
gretch
1 year, 2 months ago
from the link: "create an IAM role that establishes a trust relationship between IAM and your organization's IdP. This role must identify your IdP as a principal (trusted entity) for purposes of federation. After you create the role, inform your SAML IdP about AWS as a service provider
upvoted 3 times
...
...
saumenP
1 year, 2 months ago
B & C seems to e correct
upvoted 5 times
...
AbhishekGupta
1 year, 2 months ago
B and C correct option
upvoted 2 times
...
TJarriault
1 year, 3 months ago
I think response is "C & E"
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel